VMware Workspace ONE UEM Release Notes provide information on the new features and improvements in each release. This page includes a summary of the new features introduced for 2006 and a list of the resolved issues and known issues.

When can I expect the latest version?

We strive to deliver high-quality products, and to ensure quality and seamless transitions, we roll out our products in phases. Each rollout may take up to four weeks to accomplish and is delivered in the following phases:

  • Phase 1: Demo and UATs
  • Phase 2: Shared SaaS environments
  • Phase 3: Dedicated latest environments

This version is only available to our SaaS customers on the Latest mode. The features and improvements incorporated in this version will be available to our on-premises or managed hosted customers with the next on-premises release. For more information, see the KB article

New Features in this Release



  • Console event Logs now display the product name.
    Console events only displayed Product ID, but now they show the product name.
  • Configurable Hint for Enrollment Log In.
    You can configure a friendly hint (or not so friendly, it's up to you) to end-users enrolling their devices. You can be as specific or generic as you like. For example, if their enrollment log-in is the same as their Active Directory credentials, then say so. You can also include a link they can click to get help. This feature is currently supported by Windows devices only.
  • We now support Avi Networks (VMware NSX Advanced Load Balancer) for all Workspace ONE Services.
    We've integrated Avi Networks with Workspace ONE UEM deployments. For more information, see Avi Vantage and VMware Workspace ONE UEM.


  • We've simplified your migration. You can silently and remotely migrate Zebra devices running Android 7 or later into Work Managed mode without a factory reset or a reboot.
    As we further shift towards Android Enterprise, we want to provide you with easy ways to migrate your devices enrolled under Android (Legacy) to Android Enterprise. For more information, see Android Legacy Migration.
  • Gather location data without sacrificing your device's battery life.
    Google has created the Fused Location Provider API. It is a simple and battery-saving location API for Android. We've added a new device setting to support this API, Location Data Accuracy, that allows you to gather location data more accurately without sacrificing battery life. For more information, see Devices & Users / Android / Hub Settings.


  • We now support MDM Bootstrap Token in macOS 10.15.
    For User Approved MDM enrolled devices on macOS 10.15 Catalina, a Bootstrap Token will be automatically generated and escrowed to Workspace ONE UEM on the next login by any user who is already SecureToken enabled. This Bootstrap Token will then be used to automatically grant a SecureToken to mobile account users and the optional managed administrator account created during Apple Business Manager enrollment. For more information, see MDM Bootstrap Token.

Mobile Application Management

  • Upload icons for your internal apps using our REST API.
    You can now upload icons for your internal apps using our REST API. Checkout our REST API help page for more information.

Mobile Content Management

  • Make use of the Device service to get the updated device status.
    To get the updated device status, use a device service endpoint instead of the existing dbo.Device table. The dbo.Device table is deprecated and is no longer updated with the device status.


  • Introducing the Relay Server Cloud Connector.
    A Relay Server Cloud Connector (RSCC) is a hybrid solution that pulls content from a service endpoint and distributes it to your relay servers. This design initiates an outbound connection from your network to the VMware cloud to download content for distribution. Such an outbound connection represents a security advantage over other relay server designs. For more information, see Configure a Relay Server.


  • Workspace Intelligent Hub for Windows now supports enrollment with Workspace ONE Access.
    If you use Workspace ONE Access as your identity provider, you can now enroll Windows 10 devices with Intelligent Hub for Windows. When you configure the source of authentication for Intelligent Hub, select Workspace ONE Access. Configure these settings in Devices > Device Settings > Devices & Users > General > Enrollment. For details, see Configure Enrollment Option.

Resolved Issues

The resolved issues are grouped as follows.

2006 Resolved Issues
  • AAPP-9787: Unable to access or change the new section under the hub services from Workspace ONE Access console. 

  • AAPP-10022: OS versions are deleted upon UEM console upgrade. 

  • AAPP-10079: Apple Care tab on device details errors out instead of returning warranty information. 

  • AAPP-10175: Custom B2B applications cannot be saved if the same bundleID exists in the parent organization groups. 

  • AGGL-7177: Update to managed app config for Android public apps is not pushed to the devices. 

  • AGGL-7211: Workspace ONE Intelligent Hub needs an accurate message during CO if the user does not exist in UEM. 

  • AGGL-7407: Permissions Profile fails to load in Console at over 35 apps. 

  • AGGL-7696: Google Playstore and Apps taking too long to install. 

  • AGGL-7776: Unable to use Access for Work Profile authentication on enrollment. 

  • AGGL-7786: Auto Update Policy for Android Enterprise Devices are applied incorrectly resulting in the applications not updating automatically on the devices. 

  • AMST-22108: Factory provisioning PPKG creation flow does not restrict Workgroup name character limit to 15.

  • AMST-24205: Push notifications messages backing up for windows devices on publishing.

  • AMST-25507: Console command Change Organization Group fails when enrollment user is not available in global. 

  • AMST-26332: Windows System Update Profile displays the incorrect setting description. 

  • AMST-26773: Error code event data shows "Exec Status: True, True, Add Status" which is not understandable. 

  • AMST-26801: The PSADT support for deferrals only supports 2,4,8 hours.

  • AMST-26916: Smart Group OEM and Model filter contains residual invalid entries.

  • AMST-27153: Group Id setting to group peers under the DeliveryOptimization section is not sent to device. 

  • AMST-27203: Selective App List Sample causing app installation status to flip for some apps when BIOS profile enabled.

  • AMST-27366: Compliance Status is not getting updated for Windows Desktop devices.

  • AMST-27590: Certificate removal commands on Windows 10 are getting stuck as "On Hold" and the certificate revocations for Entrust fails. 

  • ARES-8768: Unify the application list view user interface.

  • ARES-8768: Unify the application list view user interface.

  • ARES-9666: Add a platform-specific tag to the keyboard restriction DLP setting on the console user interface.

  • ARES-11751: Admin logged in event logs is inconsistent for Install/Remove Profile Requested events.

  • ARES-12034: Profile Allow removal attribute does not work as expected while editing the profile.

  •  ARES-12077: Unable to assign public apps using certain UEM console built-in roles.

  • ARES-12483: Applications fail to display for macOS with Device State feature flag on.

  • ARES-13014: Applications not assigned to devices that are added to existing Smart Groups. 

  • ARES-13054: Unable to upload app config XML for app assignments. 

  • ARES-13173: APN settings values in the App Config are not getting loaded into the user interface page.

  • CMSVC-13474: Get SQL client execution Timeout when search user by username over 300k users in the system. 

  • CRSVC-11687: HostValidation throws error 421 for valid DS requests.

  • CMSVC-13563: Deleted OG is stuck on delete in progress.

  • CRSVC-10567: Certificates nearing expiration on the device cert page shows up in the list count of certs near expiration in the device details page. 

  • CRSVC-11914: Unable to load Device Details pages in the UEM Console. 

  • ENRL-1840: OS Platform information is not saved in the device record during enrollment. 

  • ENRL-1925: Registering a device to an enrollment user with Message Type is set to SMS. 

  • FCA-192641: On Internet Explorer 11 when an admin with a specific Admin Role opens Device List View page, the spinning wheel remains on the screen and never disappears after loading the page. 

  • FCA-193300: Device Details Summary shows incorrect last seen time for iOS devices.

  • FCA-193122: Rest API fails to query Win10 devices on some pages.

  • FCA-193184: Uptime DB upgrade fails with errors.  

  • FCA-193187: Inconsistent functioning of feature Change Organization Group. 

  • FCA-193187: Inconsistent functioning of feature Change Organization Group. 

  • FCA-193341: Unable to Launch Workspace ONE Intelligence from Workspace ONE UEM console. 

  • FCA-193370: Option to access Intelligence is not available under Monitor in Console Dashboard.

  • MACOS-12: Certificate resiliency check for missing certificates errors out when there is more than 1 missing certificate for a single profile. 

  • MACOS-36: "ClientID" in Directory Profile for macOS is "required" in UEM, but is not required in MDM protocol.

  • RUGG-7813: Adding a new app to the Launcher profile causes other app placeholder icons to disappear.

  • RUGG-8187: Save failed when adding second device token with the same device information under Device Lifecycle.

  • AAPP-12679: Generate unique PayloadIdentifier in the configuration profile on push. Patch Resolved Issues
  • AMST-27887: All Windows command line enrollments with basic staging users does not work as expected.

  • ARES-13338: Editing boxer app assignment with certificate-based authentication on the console is not saving the authentication subform hidden fields due to which boxer authentication is failing on the device.

  • CMEM-185895: Windows Native Mail profile does not work as expected.

  • CRSVC-12384: Cache key prefix mismatch between CN and DS nodes post urgent patches.

  • CRSVC-12420: Extend UDID hash validation in Beacon Payload to account for UDIDs in lower case. 

  • CRSVC-12460: Port being present in the URL fails the host validation for device requests bound to Directory Service.

  • FCA-193526: Incorrect Admin account information displayed under-console events for Change OG event.

  • PPAT-7432: Blocking calls in the tunnel client causing deadlocks. Patch Resolved Issues
  • ARES-13561: Boxer configuration not landing on the devices due to a Red exclamation on Email settings Payload. 

  • ARES-13565: deviceProfile.UpdateStatusForAllDeviceProfiles blocking during heavy contention in a shared SaaS environment. 

  • ARES-13566: deviceProfileDevicePoolSample_Save blocked during heavy contention in a shared SaaS environment. 

  • ARES-13568: DS endpoint should be able to handle the memconfig GUID. 

  • ARES-13635: Unable to login to catalog even when you provide valid credentials. 

  • CRSVC-12658: DeviceActivationLockBypass_Load is one of the most CPU consuming procedure on a shared SaaS environment. 

  • MACOS-1327: Install Bootstrap package command not being queued up on new enrollments. Patch Resolved Issues
  • ARES-13669: Device summary record (Assigned, Not installed and Installed) is not retrieving the list of devices for which profile is published with multiple configurations in a payload. 

  • CRSVC-12754: High Memory Usage Issue on Compliance Service. 

  • FCA-193723: Device List View is slow to load during the start of Business hours. 

  • RUGG-8652: Change Temp Tables to Table Variable in PolicyProductListSample_save. Patch Resolved Issues
  • ARES-13862: Email Settings tab on the Boxer App assignment page shows Error. 

  • ARES-13950: Sproc - interrogator.SelectiveApplicationList_Save_V2 causes high CPU load in DB Server.

  • CRSVC-12993: Replace temp table to table variable in device state sproc. 

  • CRSVC-12997: Timeout in deviceState.GpsLogSample_Load stored procedure. Patch Resolved Issues
  • ARES-13935: Improve the response time for AppConfigSettings and AppCatalogRequest endpoints.

  • ARES-14001: Move the Device state load method from SecureChannelEndpoint.ProcessSettingEndpoint. 

  • AMST-28369: Interrogator sample system saving incorrect data or failing to save data on certain environments.

  • CRSVC-13091: Move GPS information out of the system_information segment.

  • CRSVC-13092: Include sample table results in Device_Load stored procedure for default attribute.

  • FCA-193850: Procedure mobileManagement.EnrollmentUser_DeviceGridSearch execution time.

  • SINST-175721: Cloud connector service fails to start with a 1067 error post-upgrade to 2006. Patch Resolved Issues
  • FCA-194215: Internet Explorer shows duplicate options in Devices List View page. Patch Resolved Issues
  • AAPP-10656: Unable to Accept Terms of Use acceptance for Custom B2B App. 

  • AGGL-8323: Stored procedure interrogator.SaveTransactionInformation is called more than 100 times a second and also has a huge difference between working time and elapsed time. 

  • ARES-14393: UEM API fails to return correct results. Patch Resolved Issues
  • ARES-14458: Internal app reconcile fails when Smart Group is modified by adding devices. Patch Resolved Issues
  • AGGL-8387: COPE Include Targets for Enhanced Work Profile devices. Patch Resolved Issues
  • AAPP-10936: iOS devices are checking in continuously while checking for available OS Updates. 

  • CMSVC-14108: Scheduler does not sync more than 999 directory user groups. Patch Resolved Issues
  • AAPP-11201: Device Management profile not getting removed from the device on an enterprise wipe. 

  • AAPP-11214: Wipe deleted devices hitting the Check-in endpoint. Patch Resolved Issues
  • PPAT-8343: DTR is missing when the customer upgraded the environment from 2003 (or above) to the latest console. Patch Resolved Issues
  • ATL-5606: Timestamp missing from older patches causing signing checks to fail. Patch Resolved Issues
  • ARES-17192: App group search API not returning all app group.

  • FCA-195671: Unable to see Report Subscription that is greater than the page size. Patch Resolved Issues
  • CRSVC-18458: Addressing encryption/signing issues on Device Services, leading to device communication failures due to recent changes in .NET framework released as part of latest Windows updates. Patch Resolved Issues
  • ENRL-2765: User input validation and error handling during web enrollment steps. Patch Resolved Issues
  • AAPP-12679 Generate unique PayloadIdentifier in the configuration profile on push.

Known Issues

The known issues are grouped as follows.

  • FCA-193409 ​: Unable to delete Hub/Workspace ONE registered device record from UEM console.

    When we delete the hub or workspace ONE registered device from the device list view or details page, the status gets stuck in wipe Initiated state. This issue is intermittent in nature and in UEM console device status will get stuck in wipe initiated state whereas on device command will get executed and the device will be deleted.

    As a workaround, you can delete the device using API "<apiserver>/api/help/#!/apis/<Device ID>?!/Devices/Devices_Delete". 

  • CRSVC-11681​: List of profiles available for the action is only populated in the drop-down menu for the first 'Block/Remove profile' action. For every subsequent 'Block/Remove profile' action, an empty drop-down is displayed.


    Profile list drop-down is not populated when attempting to add two or more Block/Remove Profile actions to a compliance policy

    As a workaround, type the name of Profile rather than selecting from the drop-down menu.

  • FCA-193492: The network tab in the device details page does not show up the Wifi IP Address for iOS and Android devices.

    Unable to see the wifi IP address of iOS and Android devices.

    As a workaround, Wifi IP address can be checked from device list view page or admin can view the details using API "<apiserver>/api/mdm/devices/{deviceid}/network"

  • AGGL-7621: Android enterprise 'permission' profile contains non-runtime permissions causing the profile installation failure in the Hub since it can only apply for runtime permissions.

    When the base permission of AE permission profile is set to default and then the defaults are overridden within the apps added in the profile to a different value, then the permission profile fails to apply on the devices as the XML sent to the device has all the permissions instead of just the runtime permissions.

    As a workaround, have the permission set to the base permission or create duplicate permission for the specific application for the override and then change the default. 

Mobile Content Management
  • CMCM-188571: Configure a CG with Invalid KCD settings.

    The error message "Please select Content Gateway with KCD settings." should be displayed when navigating away from the CG selection tab of the repository. 

  • CMCM-188952: The expiry date of a file is always one day more than what's set on the console.

    Set an expiry date for any file in the Managed Content section on the console. Sync the device and check the info of that file. The expiry date of a file is always one day more than what's set on console. 

    As a workaround, set the date one day prior to your intended expiration date.  

  • MACOS-1887: Unable to deploy Intelligent Hub (automatic installation post-enrollment), Bootstrap Packages, and Apple Business Manager (VPP) apps on macOS 11 Big Sur

    The "Require admin password to install or update apps" (restrict-store-require-admin-to-install) key has been deprecated in macOS 10.14. In macOS 11 Big Sur, installing a profile with this key will, unfortunately, cause apps deployed via native MDM commands to fail. 

    As a workaround, clear the setting for "Require admin password to install or update apps" in any macOS Restrictions profile being deployed to a macOS 11+ device.

  • AMST-32922: Windows Desktop App added via BSP is failing to install on the device.

    The issue arises when BSP apps are imported for Windows Phone and the same app is supported on the Windows Desktop platform and admin imports for Windows Desktop. In such a case, the BSP app installation on Windows Desktop fails.

check-circle-line exclamation-circle-line close-line
Scroll to top icon