VMware Workspace ONE UEM Release Notes provide information on the new features and improvements in each release. This page includes a summary of the new features introduced for 2011 and a list of the resolved issues and known issues.

When can I expect the latest version?

We strive to deliver high-quality products, and to ensure quality and seamless transitions, we roll out our products in phases. Each rollout may take up to four weeks to accomplish and is delivered in the following phases:

  • Phase 1: Demo and UATs
  • Phase 2: Shared SaaS environments
  • Phase 3: Dedicated latest environments

Once our phased rollout is complete, we will announce general availability for on-premises and managed hosted customers. For more information, see the KB article

New Features in this Release


  • VMware Terms of Service Update.
    Are you a new customer opting into Hub Services or Workspace ONE Access from UEM? You'll no longer see the VMware Terms of Service if you've already accepted the Terms of service in the UEM Console.
  • Update the Outbound Proxy Tooltip content to include restarting of all AirWatch services.
    When saving the global proxy setting all AirWatch services make outbound requests depending on the initiated flow as a result we updated the tooltip content to include restarting of all AirWatch services.
  • Compromised Device Status Details Available for iOS.
    Administrators can now review specific reasons as to why an iOS device is deemed compromised, enabling the admin to share this info with the device user. Navigate to the Device Details page for the compromised iOS device and select the More > Compromised Detection tabs to review details about the compromised status. For more information, see Device Details.
  • The location privacy settings on Workspace One UEM defaults to “Do not Collect”.
     The location privacy settings viz. Bluetooth, USB data, and GPS data would have a default value set to “Do not Collect”. For more information, see Location privacy settings

Chrome OS

  • Configure certificates with or without a wi-fi network.
    We have updated the profiles to split the certificates section of the Network profile into a new Credentials profile. After upgrade, all existing certificates are migrated to the Credentials profile and you can configure certificates with or without a wi-fi network. Want to know more? see Configure Credentials profile.
  • More easily migrate Chrome EMM Registration between consoles.
    To support migrating your Chrome EMM Registration from one environment to another, when you clear Chrome settings in the UEM console, all Chrome OS device records are cleared out, all Certificates pushed to Chrome users and/or devices from the console are revoked, and the UEM Extension is removed from devices. Want to know more? see Setup Chrome OS Configuration Settings. Want to know more? see Setup Chrome OS Configuration Settings.


  • Did you know there have been changes to Android management using device administrator (Android Legacy)?.
    We have updated the UEM console to make Android enterprise the default deployment model for Android devices, and the legacy Android management model (also known as device administrator) will be accessible by exception. Android enterprise is custom-tailored for bring-your-own-device (BYOD), corporate-owned, and dedicated device modes, each with unique management controls and user experiences. For more information about this change, see Upcoming Changes to Android Management Using Device Administrator (Android Legacy). .


  • Monitor, logout, and delete the users on your Shared iPads.
    Admins with Shared iPads for Business can now track the users that exist on their devices as well as forcing these users to logout or even be deleted. Want to know more? See Monitor, Logout, and Delete a User.
  • Improve your device update experience by skipping some or all screens on iOS 14 and macOS Big Sur 11.0 devices.
    You can now deploy a Skip Setup Assistant payload and choose to the skip the setup screens after an OS update. For more information, see Configure a Setup Assistant Profile. For more information, see Configure a Setup Assistant Profile .


  • macOS 11 Big Sur updates to Bootstrap Token.
    Bootstrap Token has been enhanced to support macOS Big Sur. Bootstrap Token escrow status details can now be retrieved with Console APIs for Device Information, and Event Logs now display Bootstrap Token removals. For more information, see MDM Bootstrap Token.
  • macOS SSO Extension profile in User context.
    Starting from macOS Big Sur, admins can now create the SSO Extension profile in either device or user context based on deployment needs. Want to know more? see Configure an SSO Extension Profile.

Application Management

  • Sort your internal apps by the date-time they were created and filter them by the source they were added from.
    We've added two new columns to the internal app list view page. The CreatedOn column lets you sort the apps based on the app creation timestamp and the Source column lets you filter apps based on the application source.

Content Management

  • We've automated repository addition for you through APIs.
    You can now add repositories using APIs instead of adding repositories manually on the UEM console.
  • We've announced end of support for the Personal Content portion of the Workspace ONE Content solution.
    End of General Support for VMware Workspace ONE Personal Content.Want to know more? see End of support announcement.


  • Explicit Security with NSX-T.
    Tunnel NSX integration now supports NSX-T. With this, you can specify explicit paths between your apps on devices and services in your data center. For more information, see Integrating VMware Tunnel with NSX.
  • Smart Groups for Device Traffic Rules.
    Looking to enforce Zero Trust policies for application access? You can now create multiple policies for Device Traffic Rules and assign them to individual profiles, helping you achieve least-privilege based access policies. For more information, see Create Device Traffic Rules.

Resolved Issues

The resolved issues are grouped as follows.

2011 Resolved Issues
  • AAPP-7494: The save button is disabled when the user switches from override to inherit. 

  • AAPP-10556: Install Profile command for Single App Mode not being released. 

  • AAPP-10591: While using custom DEP enrollment, OS platform values are not saved correctly.

  • AAPP-10604: Unable to enroll DEP devices if the token has a tag associated with it.

  • AAPP-10727: Device Management profile not getting removed from the device on an enterprise wipe. 

  • AAPP-10730: Device Ownership Typeset in DEP profile not being honored during Custom DEP Enrollment.

  • AAPP-10855: OS version is not being updated in the dbo.Device table for a few devices.

  • AAPP-10876: Seed script does not execute successfully.

  • AAPP-10913: Network Usage Rules payload fails to load when commas are used in the bundle ID field.

  • AAPP-11026: Activation Lock fails to disable for cellular-enabled iOS devices.

  •  AAPP-11076: Messaging service quits processing messages in APNSOutbound queue. 

  • AAPP-11060: DEP registration records with a tag are not removed by sync/fetch

  • AAPP-11066: Unable to change Default Scheme "awbrowsersso" for existing iOS Web app. 

  • AAPP-11065: Asset number from Registration record not picked up when the non-DEP device is re-enrolled via Custom DEP. 

  • AGGL-8242: Unable to access Enrollment Restriction(AFW) after upgrading to the 2005 UEM console. 

  • AGGL-8311: APK metadata parsing failure. 

  • AGGL-8487: Compliance Status remains in "pending compliance check".

  • AMST-28816: Bitlocker profile removal does not show the admin's name in troubleshooting. 

  • AMST-29239: Correct Tooltip for Enterprise App Repository

  • AMST-29320: Bullet points/Number list used in the Terms of Use does not appear for windows devices during enrollment if enrolled via Access work or school.

  • AMST-29627: Database upgrade fails due to Timeout Issue.

  • ARES-14781: Internal App Details Summary tab fails to load the charts when the "PublicApplicationView" Resource is not enabled for the admin role. 

  • ARES-14904: Profile retry logic does not check for assignment. 

  • ARES-14911: Legacy catalog displays both public and internal apps. 

  • ARES-14934: Install/remove action from the app summary page > device does not work as expected. 

  • ARES-14935: Admin account with API access at a child OG can delete apps managed by parent OG via API.

  • ARES-14983: Windows Dependency page getting crashed. 

  • ARES-15721: Settings mismatch (Settings&Policies -> Security Polices ->Integrated auth) when changing between inheriting and override for a child OG.

  • ARES-15726: App Multi-select and App config keys not applying to IBM Application.

  • ARES-15816: Unable to delete Geofence Areas. 

  • ARES-15961: Unable to save security policies. 

  • CMCM-188856: Managed Content files not displaying in the Content app. 

  • CMEM-186012: Whenever accessing the Email-->Compliance Policy and also by attempting to run email compliance policy customer receiving error 'An error has occurred'.

  • CMSVC-14107: Duplicate key issues in smartGroup.SmartGroup_LoadDevicesByCriteria sproc.

  • CRSVC-15930: Workflow (Freestyle) does not get updated with the new version of the app. 

  • CRSVC-9720: Update the Outbound Proxy Tooltip content to include restarting of all AirWatch services. 

  • CRSVC-15533: Windows custom baseline does not work as expected. 

  • CRSVC-15601: URL is subject to modification of file name and execution of another file. 

  • ENRL-2182: Encrypted string for EnrollmentUser Display Name is changing constantly. 

  • FCA-192093: The diagnostics settings section has no subpages for AirWatch administrators. 

  • FCA-193289: While adding admin role, the console is using auto-lookup for passwords.

  • FCA-193579: In Workspace One UEM, the total count and actual device count does not match in the Device search API results.

  • FCA-194885: Invalid date format for non-US English Locales when assigning internal Apps.

  • FCA-194891: Network tabs for few Android devices do not load we get the error "Something unexpected happened. If the issue persists, please contact your IT administrator".

  • FCA-195057: When editing a workflow in Freestyle and making a change, the UEM console fails to save the change.

  • RUGG-8678: Device IP address is not updating in the console. 

  • RUGG-9078: Product List View search queries are overwritten in the filtered view. 

  • RUGG-9211: The App category for the script disappears in the console. 

  • RUGG-9244: UEM does not send Workspace ONE Assist events to Syslog. Patch Resolved Issues
  • ARES-16514: Change Temp Tables to Table Variable in DeviceProfile_SearchByDeviceWebApps. 

  • ARES-16515: Change Temp Tables to Table Variable in RecommendedExternalApplication_LoadAssignedApps.

  • ARES-16516: interrogator.ApplicationList_Save_V2 shows performance degradation. Patch Resolved Issues
  • AAPP-11249: Stored Procedure deviceApplication.VppLicenseReconcileByDeviceOnUnEnrollment impacting DB Server.

  • AMST-30228: DeviceQuery Command queues up 8 FastLaneWNSOutbound messages.

  • ARES-16567: Seeing high TempTable contention due to Application_SearchByDevice sproc.

  • CMSVC-14368: smartGroup.SmartGroup_Search causing high waits and CPU resulting in overall slowness.

  • FCA-195257: Change Degree of Parallelism for sproc mobileManagement.EnrollmentUser_DeviceGridSearch_V2.

  • MACOS-1707: Sensor Assignment only shows the top 500 Smart Groups.

  • MACOS-1708: Seed macOS Hub 20.11.1 in UEM. Patch Resolved Issues
  • AGGL-9090: Apps API returns 500 status code when invoked for Android device. 

  • ARES-16842: SCEP profile for Windows does not work when enabled proxy.

  • CRSVC-16653: Reduce the impact of Expensive App Catalog calls. 

  • CRSVC-16778:  Duplicate calls are being made to API. 

  • PPAT-8339: Device Traffic Rules are missing when you upgrade the environment from 2003 (or above) to the latest console. Patch Resolved Issues
  • CMSVC-14464: Admin List View page is not loading. 

  • CRSVC-16873: Directory services not updated when conditional access is enabled. 

  • PPAT-8352: When non-default DTR is selected in the SDK settings, Tunnel configuration fetch fails. Patch Resolved Issues
  • AAPP-11282: Performance issues when saving the last MDM received status for Apple devices. 

  • AAPP-11453: Database performance issues when loading device updates on an individual device level. 

  • ARES-17024: Migrate application blobs stored in the database to the FileStorage and CDN Origin server. Patch Resolved Issues
  • AGGL-9321: Applications and profiles get removed when end-user checkout on an android rugged device. 

  • CRSVC-17082: Disabling DSM feature flag causes error logs in the production. Patch Resolved Issues
  • AMST-30900: Seed the v2011 Patch Hub to the UEM console. 

  • FCA-195543: Reduce extra calls from smart group components.

  • FCA-195547: Improve Execution Time of Stored Procedure for the device last seen. 

  • FCA-195548:Cannot load Device Details View page for Unenrolled devices. Patch Resolved Issues
  • AAPP-11566:  Disabling Activation Lock from UEM fails if enabled from Find My Phone. Patch Resolved Issues
  • AAPP-11565: Unmanaged profile gets removed when same profile is pushed via UEM console (without assignment) and removed. Patch Resolved Issues
  • AMST-31385: Sensor results not showing on sensors tab due to Sensors PATCH call not being respected. 

  • CRSVC-18271: Addressing encryption/signing issues on Device Services, leading to device communication failures caused by Microsoft bug that's part of latest Windows updates.

  • FCA-195561: Unable to bulk delete devices. 

  • MACOS-1968: MACOS Sensors not returning data to UEM console. Patch Resolved Issues
  • CMEM-186223: AW.Meg.Queue.Service showing a consistent increase in DS Memory Usage. 

  • FCA-196054: Unable to delete unenrolled devices from Device Details or Device List View page. Patch Resolved Issues
  • CRSVC-18756: Addressing gap in encryption/signing issues fix that was provided in the previous patch. Patch Resolved Issues
  • RUGG-9634: Certificate profile not getting installed in Zebra Printers. Patch Resolved Issues
  • AMST-31919: Compliance status is shown as "Not Available".

  • CMSVC-14781: Performance improvement of Add/Update and change LG for Enrolment User API

  • CRSVC-19087: Force reinstall EG profile puts other profiles in pending state on Console. 

  • CRSVC-19206: Add allowed to list in security settings for api documentation page. Patch Resolved Issues
  • AAPP-11808: Missing management options for iOS Workspace ONE Hub registered devices. 

  • ARES-17905: Allow admin to save JSON, XML, and plain text for custom settings. Also, show a warning msg in case of invalid JSON or XML. 

  • CRSVC-19534: All certificates are in an unknown state. 

  • FCA-196341: Delete device fails when there is no associated enrollment user. Patch Resolved Issues
  • CRSVC-19612: Escrow Gateway as Credential with Exchange Server profile. 

  • CMEM-186300: Email clients are blocked incorrectly due to Inactivity Compliance Policy. 

  • CMEM-186302: Device policies API reports incorrect data. Patch Resolved Issues
  • AGGL-9859: Android Devices stuck in "NotAvailable" compliance status when Device Events are handled out of order. 

  • ARES-18100: Unable to save XML configs under custom settings on SDK profile. Error "Invalid JSON Format". 

  • CMEM-186317: AllowList/DenyList does not work properly on Un-managed records on Email list view. 

  • CRSVC-20038: Time schedule option is not available when logged in via role admin having all write access

  • CRSVC-20258: Feature Flag Framework does not work as expected. Patch Resolved Issues
  • AGGL-9882: Android Enrollment has issues while using AOSP/Closed Network. Patch Resolved Issues
  • AAPP-11967: Incorrect number of SIMs shown in Device Details for iOS devices. 

  • CRSVC-20698: StagedSmimeCertificatePayload in DB is set to 0x instead of NULL which caused an issue fetching certs from EG. 

  • ENRL-2761: User input validation and error handling during web enrollment steps. 

  • PPAT-8910: Error thrown while saving tunnel Configuration due to tunnel Microservice errors. 

  • INTEL-29431: ETL | Managed Applications missed in Initial Export. 

  • INTEL-29430: Console database | Checksum is leaving out applications that are not in MAL but are in IAL (managed apps that have been installed on the device directly). Patch Resolved Issues
  • AAPP-11965: The default setting when wiping a device is "Preserve Data Plan."

  • AAPP-12047: SIM Change compliance does not work on DualSim iOS devices.

  • AGGL-9887: Profiles with empty user certificates should not be pushed to devices. Patch Resolved Issues
  • AGGL-9987: Profiles and Apps not assigned for the devices in Checkout.

  • CRSVC-21177: Multiple challenges for SCEP or PKI. Patch Resolved Issues
  • CRSVC-21527: Add support for resiliency for compliance evaluation. Patch Resolved Issues
  • ARES-18821: The app is not displayed in the catalog for users who are not members of the UserGroup added to the Denylist app group.

  • ENRL-2884: Unable to enroll macOS Big Sur devices when an OS version restriction policy is configured. Patch Resolved Issue
  • ARES-19034: To avoid updating values in incorrect columns, the ApplistSample parameter requires an ordering attribute.

  • AAPP-12286: Generate unique PayloadIdentifier in the configuration profile on push. Patch Resolved Issues
  • AGGL-10411: Database transaction causes timeouts in application publish smart group unassignment flow. Patch Resolved Issues
  • AGGL-10588: PerAppVPNAssociation mapping failing intermittently. Patch Resolved Issues
  • AAPP-12489: Custom app save fails if the same iOS public app presents at the same LG.

  • AGGL-10590: Android 10 not picking up registration records. Patch Resolved Issues
  • AAPP-11566: Disabling activation lock does not work for dual SIM devices.

Known Issues

The known issues are grouped as follows.

  • ARES-17237: The lookup filed will not be resolved while accessing through SSP.

    The profile entity with all the resolved lookup values was discarded and the entity is loaded again from DB. Because of this, the EAS profile is not populated with user details.

    As a workaround, install from the admin console.

  • ARES-17539: The lookup variable "EmailAddressPrompt" for the iOS EAS profile does not pick the value specified in SSP.

    When using SSP, the lookup field is not resolved. The profile entity with all of the resolved lookup values was discarded, and the entity was loaded from the database again. As a result, the EAS profile is not populated out with user information.

    As a workaround, install from the admin console.

  • CMSVC-14182​: Assign Tags are seen when a device is selected. 

    A deprecated feature is exposed. Might lead to confusion. 

  • ARES-18495: Customers are unable to access the Provisioning Application Component page, which prevents them from viewing or adding applications.

    If you follow these steps, you can see the "An error has occurred" page.

    1. Log into WS1 UEM Console.
    2. Navigate to Devices > Provisioning > Components > Application.
    3. Add an application to any of the Major, Minor, or Build versions greater than 32767.
    4. Save the application and navigate back to Devices > Provisioning > Components > Application.

    As a workaround, use the MAM Delete API to delete the specific application that has a version field greater than 32767 and is causing the issue. If the same application is uploaded again, the same issue can arise. This workaround is allowed for temporary unblocking for other applications to be added.

  • AAPP-11143: Valid APNs for Apps certificates are replaced with invalid certs when upgrading to a version of UEM that has outdated certs 

    Valid APNs for Apps certificates are replaced with invalid certs. 

    As a workaround, run the APNs cert custom seed script again after the upgrade

  • MACOS-1887: Unable to deploy Intelligent Hub (automatic installation post-enrollment), Bootstrap Packages, and Apple Business Manager (VPP) apps on macOS 11 Big Sur

    The "Require admin password to install or update apps" (restrict-store-require-admin-to-install) key has been deprecated in macOS 10.14. In macOS 11 Big Sur, installing a profile with this key will, unfortunately, cause apps deployed via native MDM commands to fail. 

    As a workaround, clear the setting for "Require admin password to install or update apps" in any macOS Restrictions profile being deployed to a macOS 11+ device.

Content Management
  • CMCM-188854: Renaming Folder in Sharepoint and trying to sync is giving 404 or an empty XML.

    Error message is displayed in the user interface. 


  • CMCM-188952: The expiry date of a file is always one day more than what's set on the console.

    Set an expiry date for any file in the Managed Content section on the console. Sync the device and check the info of that file. The expiry date of a file is always one day more than what's set on console. 

    As a workaround, set the date one day prior to your intended expiration date.  

  • PPAT-7896​: Signing cert won't get generated & updated in few scenarios. 

    VPN Profile installation fails if the customer moves from the third party to AirWatch CA for the client authentication and when they delete and re-add the tunnel configuration

    As a workaround, click on the Regenerate option under the client authentication section under the Tunnel configuration page and publish the profile

  • AMST-32922: Windows Desktop App added via BSP is failing to install on the device.

    The issue arises when BSP apps are imported for Windows Phone and the same app is supported on the Windows Desktop platform and admin imports for Windows Desktop. In such a case, the BSP app installation on Windows Desktop fails.

check-circle-line exclamation-circle-line close-line
Scroll to top icon