Went live on March 8, 2021

VMware Workspace ONE UEM Release Notes provide information on the new features and improvements in each release. This page includes a summary of the new features introduced for 2102 and a list of the resolved issues and known issues.

When can I expect the latest version?

We strive to deliver high-quality products, and to ensure quality and seamless transitions, we roll out our products in phases. Each rollout may take up to four weeks to accomplish and is delivered in the following phases:

  • Phase 1: Demo and UATs
  • Phase 2: Shared SaaS environments
  • Phase 3: Dedicated latest environments

Once our phased rollout is complete, we will announce general availability for on-premises and managed hosted customers. For more information, see the KB article

New Features in this Release

Android

  • We've made enhancements to the UEM console to enable the clear passcode capability using Direct Boot.
    Apps do not run during the Direct Boot mode by default, which is when the device has been powered on, but the user has not unlocked the device. We've made some modifications in the UEM Console that allows you to send a clear passcode command with Workspace ONE Intelligent Hub for Android while the devices are in the Direct Boot mode. Direct Boot is only available on Android 7.0 and above devices that support a specific type of file-based encryption. For more information, see Android Device Management
  • We have introduced a native experience to using your Android devices as shared devices. 
    Native Android using Check-In Check-Out for shared devices supports simpler use cases that do not require as much customization as Launcher. You can create secondary users, use simple branding, implement restrictions, and limit applications.
    For more information, see Configure Shared Android Devices for your Shift Workers

Chrome OS

  • Let multiple users securely share the same device within your organization.
    With Managed Guest Sessions, you can now use your devices as shared devices among multiple users within the organization. It enables Chromebook to log in and out as a shared user, encouraging different users to securely share the same device for web browsing, inventory lookup, job applications, or school exams. Shared users have limited access to the device and data cannot be shared between sessions. For more information, see the Kiosk section of Chrome OS Profile Management

Freestyle

  • Technical Preview: ​Schedule Resource Installs At Your Convenience.
    The time it takes to update devices with downloadable content such as apps can be lengthy and the device's performance during this time is often poor, to say the least. The Time Window feature allows you to schedule those updates outside of peak work hours, using the device's local time. You no longer have to choose between keeping your device up to date and being productive.
    Note: Time Windows can be applied only on Freestyle Workflows. Technical preview features are not fully tested and some functionality might not work as expected. However, these previews help Workspace ONE UEM improve current functionality and develop future enhancements. For more information, see Technical Preview: Make a Time Window and Assign it to Devices

iOS

  • Purchase and deploy public apps to your managed tvOS devices.
    ​You can now sync, assign, and deploy tvOS app licenses in the Workspace ONE UEM console. All settings which are available for iOS apps, including installation, configuration, update, and deletion, are now also applicable to the deployment of public apps. For detailed information, see Public Application Management (tvOS).
  • Would you like to check which time zone is set on your Apple devices to evaluate any changes? You can now monitor the time zone of your Apple devices in the UEM console. 
    We let you track the time zone reported by the iOS, macOS, and tvOS devices in the Workspace ONE UEM console under Device Details.

Rugged

  • Relay Server Cloud Connector 3.1.1 Functional as Pure Pull Service
    The newest version of RSCC, 3.1.1 has been updated to work properly as a pull service, making sure to retrieve the next manifest after it makes the get config call. For more information, see Configure a Relay Server Cloud Connector

Tunnel

  • Switch between per-app and full-device tunneling. 
    If you choose to tunnel per application, only the application configured for VPN would be considered and it takes action based on the destination FQDN/IP. If you decide on full device tunneling, it directs all application & traffic from the device through an encrypted tunnel to the corporate data center based on the destination FQDN/IP. For more information, see Configure Network Traffic Rules for the Per-App Tunnel
    Note: Currently we support full device tunnel mode only on Windows Tunnel Desktop Client 2.1 and above.

Windows

  • Use the Autopilot integration in Workspace ONE UEM to deploy domain join for both cloud and on-premises users. 
    We've now integrated Microsoft Autopilot with Workspace ONE UEM to support Hybrid Domain Join. With the new integration, you can combine the on-premises domain join process in Workspace ONE UEM with your Autopilot device configurations that are set in Azure. For details on how to set up this integration, see Integration with Microsoft Autopilot

  • Get email and console notifications when a new version of an existing app in your catalog becomes available.
    You can now simply click "add application" from the console notification and it automatically takes you through the steps to update and distribute the new version of your application. You can also enable notifications for the existing EAR apps by editing them from your Apps and Books section. For more information, see Upload and Configure Win32 Files for Software Distribution.

  • We've deprecated user data windows desktop user profile. 
    We've removed the User data profile from Workspace ONE UEM console. 

Resolved Issues

The resolved issues are grouped as follows.

2102 Resolved Issues
  • AAPP-9795: The iOS Managed Settings page is changed to the "Managed Settings Requested" page.

  • AAPP-11248: Stored Procedure deviceApplication.VppLicenseReconcileByDeviceOnUnEnrollment impacts the DB Server.    

  • AAPP-11279: Device model seed scripts have inconsistent information for iPads.

  • AAPP-11350: Unmanaged profile is removed when the same profile without the assignment is pushed through the UEM console and removed. 

  • AAPP-11501: The Device Details Update tab crashes for Apple devices.

  • AAPP-11625: VppUsersSchedulerNotVisited frequency is very aggressive.

  • AAPP-11679: The REST API call does not create a Workspace ONE Assist session for the iOS devices.

  • AGGL-6949: TempDB Drive is getting full due to smartGroup.AppsForAndroidWorkAppPublishAffectedSmartGroups_Load.

  • AGGL-8256: App Description is missing for Mobile Apps.

  • AGGL-8686: UEM Console fails to clear the older pending system update data when a default value is being passed from the agent.

  • AGGL-8957: Bulk delete fails to honor the configured bulk limit due to the Android Management Filter.

  • AGGL-9019: Unable to add an application assignment when the assignment name has square or curly brackets. The page crashes with an error.

  • AGGL-9317: Applications and profiles are removed when the end-user checkout on an Android Rugged device.

  • AGGL-9395: Unable to send a push message to Android device from the app details page.

  • AMST-29635: Defining Criteria gets removed by API call in the Internal App.

  • AMST-30298: Unable to create Windows Application through API with the Actual File Version.

  • AMST-30670: Uppercase in the Windows AppListSample build version leads to version hash mismatch (EXE/ZIP update).

  • AMST-30814: Newly created admin role with full permission does not show "Windows Desktop" settings.

  • AMST-30847: "Not Configured" settings in the Windows Restrictions profile, does not save the value on the profile.

  • AMST-30923: Sensor results are not displayed on the sensors tab.

  • AMST-31155: F5 Edge VPN profile sends wrong application id for Windows 10 20H2 device.

  • AMST-31388: Friendly name changes in the troubleshooting events.

  • AMST-31376: The BitLocker key is missing from the UEM console.

  • AMST-31435: After the 2010 Console Update to 2101, the devices have the user context command stuck in the queue.

  • AMST-31493: Compliance Encryption Policy for Windows 10 devices only fails for devices that are already enrolled when the BitLocker policy is updated to the latest version.

  • AMST-31061: Unable to edit the custom configuration XML on Windows VPN profile.

  • AMST-31450: Force BIOS Password Reset is changed to DISABLED and unable to revert to ENABLED.

  • ARES-7519: Images uploaded for tablets and mobiles are not filtered for Internal Apps.

  • ARES-7835: Does not fetch the DeviceUDID {DeviceUid} lookup field from the published appCatalog webclip or bookmark profile in Workspace ONE WEB.

  • ARES-16057: Lookup values added from the Add option while creating custom templates by copying to the default templates for the Application category are not resolved.

  • ARES-16681: SCEP profile for Windows does not work when a proxy enabled .

  • ARES-16710: Performance improvement for ApplicationList_Save_V2.

  • ARES-16857: Unable to publish application due to "deviceApplication.SyncDevicesForPublicAndPurchasedApp" timing out.

  • ARES-16872: "Release to devices" action on App Removal logs for a few app errors with "Access Denied, Door is locked" message.

  • ARES-16873: CreateInternalApp does not validate when the application blob is created with the correct module.

  • ARES-16919: Installed Status in Profile list export always returns values 0/0/0.

  • ARES-17056: Quick view of installed count for iOS apps times out for some apps with large assignments.

  • ARES-17099: Access assigned or installed app information for devices at sibling OGs.

  • CMCM-188880: EnterpriseContent.ContentRepository_Search sproc is called ~3000 times in one hour.

  • CMCM-188898: Content categories search performance is delayed post UEM upgrade to 20.10.

  • CMCM-188925: Able to download Workspace ONE managed content from the sibling OG.

  • CMCM-188958: Corporate file servers are not visible with MCM licencing.

  • CMEM-186217:  "Run Compliance" action errors out when there is an error accessing Device data.

  • CMSVC-13695: Console Admin Delete results in an error when the admin has a long email address.

  • CMSVC-14140: Event is not recorded when an admin changes a tag assignment for a device.

  • CMSVC-14208: Batch import user groups does not reflect friendly name.

  • CMSVC-14457: Performance issues with smartGroup.SmartGroupThumbprint_Save_V4 SP.

  • CMSVC-14458: Admin List View page is not loading.

  • CMSVC-14562: The error code described in API Explorer for V2 API - DELETE /users/ {uuid} is not correct. It says the error code is "6290", but it is "6198".

  • CRSVC-7871: The VMware AirWatch has a swagger console implemented which is vulnerable to DOM XSS.

  • CRSVC-15193: Response Headers "X-RateLimit-Reset" for Rest API value.

  • CRSVC-16021: CertificateStatus_LoadBySerialNumber causes high waits and CPU that results in overall slowness.

  • CRSVC-16038: The Time schedule option is unavailable when the role admin with all the write access logged in through the UEM console.

  • CRSVC-16324: Duplicate calls are being made to API.

  • CRSVC-16470: Read-only role has access to actions that must not be there.

  • CRSVC-16611: SystemCode_DeleteAllObsolete fails with FK reference error during the DB Upgrade. 

  • CRSVC-16890: The last compromised scan policy shows non-compliant iOS devices in the UEM console.

  • CRSVC-17365: Baseline reports fails to filter results for compliance results.

  • CRSVC-17471: Wrong data format is shown in the message template.

  • CRSVC-17954: iOS DEP MDM Enrollment Completed command not generated.

  • CRSVC-17494: EventDataList value in the Device EventLog API returns an empty value.

  • CRSVC-17807: CA connections failed.

  • CRSVC-17979: Certificates uploaded through the UploadSmimeCerts API are failing regularly.

  • FCA-195058: Unable to see Report Subscription that is greater than the page size.

  • FCA-195127:  Firefox browser displays insecure page for the /MyDevice/Login.

  • FCA-195246: Notification_LoadCount times out when executed by API.

  • FCA-195357: Multiple duplicate records seen in the "Device Usage Detail" report.

  • FCA-195384: Application management role is broken after introducing Resources.

  • FCA-195407: Cannot load Device Details View under certain circumstances.

  • FCA-195481: EAP Wi-Fi fails to connect on AE Android devices when we re-enroll the device without deleting the old device record from the UEM Console.

  • FCA-195486: Unable to delete devices in bulk

  • FCA-195527: Access user email address for devices at sibling OGs.

  • FCA-195752: API V3 GET/devices/search always returns the Device ID as 0.

  • INTEL-19803: Remove privacy check from the existing IP address field and introduce a new field for public IP.

  • LUEM-169: Arithmetic overflow errors due to data type inconsistency in the Device Load.

  • LUEM-180: Page Not Found error for the UEM console homepage.

  • MACOS-1710: Read-only role has actions that must not be available for installing Intelligent Hub for macOS.

  • MACOS-1823: The “Workspace ONE Mobileconfig Importer” Fling stopped working in UEM 20.11.

  • MACOS-1965: Sensors do not return data to the UEM console.

  • MACOS-1972: AvailableOSUpdate query prevents updates to macOS 11.2.

  • PPAT-8407: Unable to copy a VPN profile.

  • PPAT-8412: Upgrade process fails to upgrade the database due to foreign key constraints on the tables storing Tunnel configuration and System code data.

  • PPAT-8508: Unable to save the Tunnel configuration.

  • RUGG-8596: Deploying a Wi-Fi payload with a certificate profile to a Zebra Printer does not connect to Wi-Fi. 

  • RUGG-9305: REST API on a batch processing fails with the error code 500.

  • RUGG-9353: DB Upgrade fails with foreign key constraint error.

  • RUGG-9367: Unable to delete Android products intermittently.

  • RUGG-9456: UEM does not send detailed Workspace ONE Assist session events to UEM or Syslog.

  •  RUGG-9520: Product delivery is halted, or unprocessed CSI items.

  • RUGG-9577: Unable to start Windows Remote Assist in an unattended mode with the app version 2011 on AAD joined machines.

  • RUGG-9585 - Failure in downloading files from CDN intermittently when CDNEnabledForProvisioningProduct Systemcode is enabled.

  • RUGG-9575 - Handle arithmetic overflow exception in handlemanifest flow.

  • RUGG-9537 - Forbidden error on RSCC contacting ContentPull when downloading files from CDN.

  • RUGG-9655 - Failure when connecting to FTPS server.

21.2.0.1 Patch Resolved Issues
  • AAPP-11775: Class Sync failing due to SQL timeout.

  • AAPP-11789: Intelligent Hub deployed via VPP is not auto-installing on DEP enrolled Devices. 

  • AGGL-9645: Compliance status shows "Not available" on device list view which is causing issues with SSO on Access. 

  • AMST-31918: Compliance status shown as "Not Available" for OOBE enrolled devices.

  • AMST-32029: OOBE enrollment not going through for devices. 

  • ARES-17705: Ordering attribute is required for ApplistSample parameter to avoid update values in wrong columns. 

  • CMSVC-14780: Performance improvement of Add/Update and change LG for Enrolment User API. 

  • CRSVC-19088: Force reinstall EG profile puts other profiles in pending state on Console. 

21.2.0.2 Patch Resolved Issues
  • AAPP-11838: Fix the availabilityType to include Ipad when the supported model is IphoneOnly. 

21.2.0.3 Patch Resolved Issues
  • CRSVC-19532: All certificates are in an unknown state.

21.2.0.4 Patch Resolved Issues
  • PPAT-8697: Error thrown while saving tunnel Configuration due to tunnel Microservice errors. 

  • CRSVC-19611: Escrow Gateway as Credential with Exchange Server profile. 

  • CRSVC-20033: Unable to send Apple EG profile to the device as it is stuck in Pending Information. 

  • AGGL-9699: Publishing VMware Tunnel profile extremely slow to add commands in Held status. 

  • AGGL-9698 Per-App doesn't show as whitelisted in the Tunnel app.

  • CMSVC-14821: CSV Injection allowed in batch import of Users, Admins, and Devices. 

  • MACOS-2108: Export button is not working in Device Details -> Sensors Tab. 

  • FCA-196339: Delete device fails when there is no associated enrollment user. 

  • CMSVC-14761: Enrollment Users are created/updated with the domain as an empty string instead of a null value. 

21.2.0.5 Patch Resolved Issues
  • AAPP-11789: Intelligent Hub deployed through VPP does not install automatically on DEP-enrolled devices.

  • AAPP-11807: Missing management options Workspace ONE Hub for iOS registered devices. 

  • AAPP-11889: iOS public apps assignment removed once app's availabilitytype is updated to TVOS supported

  • ARES-17983: After saving and publishing the change, the Custom SDK Profile does not trigger the install profile command queue.

  • CMEM-186301: Device policies API reports incorrect data.

  • CRSVC-20147: Client certificates do not push after upgrading to 2102 if the template contains a lookup for UserDistinguishedName.

  • RUGG-9672: Product total count always shows as 0 via the API GET query if you are using the UEM console 2005 version or later.

  • RUGG-9673: Clicking the dependency button on products gets an error message.

21.2.0.6 Patch Resolved Issues
  • AMST-32271:Device update page to show updates for all tenants. 

  • CRSVC-20233: Issue with throttling found during performance testing. 

21.2.0.7 Patch Resolved Issues
  • AAPP-11886: Disabling activation lock doesn't work for dual SIM devices.

  • AAPP-11911: PIV-D Cannot Pull Down Xtec Derived Credentials (iOS). 

  • AGGL-9819: Legacy app catalog is not available in Hub when a device changes OGs. 

  • AGGL-9820: UEM servers sometimes return responses slowly for /API/mam/apps/{deviceUdid}/{appId}/{appType}/{deviceType} API. 

  • AMST-32282: Windows Desktop Device with V2 agent and single non-encrypted drive is not compliant with Bitlocker SystemDriveNotEncrypted policy. 

  • CMEM-186316: AllowList/DenyList does not work properly on Unmanaged records on Email list view. 

  • CRSVC-20184: Only certs displayed are based on the expiration time mentioned in the certificate template. If the certificate expires in 14 days and auto-renewal in the certificate template is set to 14 days or higher, the certificate will be displayed. 

  • CRSVC-20257: Feature Flag Framework fails to handle errors from the cache.

21.2.0.8 Patch Resolved Issues
  • AAPP-11903: Class Sync fails due to SQL exception. 

  • AAPP-11909: Generate unique PayloadIdentifier in configuration profile on push. 

  • AAPP-11959: Selective App List Sample Delay. 

  • AAPP-11966: Incorrect number of SIMs shown in Device Details for iOS devices. 

  • ARES-18099: Unable to save XML configs under custom settings on SDK profile. Error "Invalid JSON Format". 

  • ENRL-2759: User input validation and error handling during web enrollment steps. 

  • CMSVC-14878: Assignment Group  Page navigation is greyed out. 

  • MACOS-2129: XML generated has an empty array for the key OnDemandRules for F5 Access VPN type.

  • MACOS-2140: Seed 21.04 macOS Intelligent Hub to UEM console. 

21.2.0.9 Patch Resolved Issues
  • ARES-18249: Lookup variable "{EmailAddressPrompt}" for iOS EAS profile does not pick the value specified in SSP. 

  • CRSVC-20697: StagedSmimeCertificatePayload in DB is set to 0x instead of NULL which caused an issue fetching certs from EG. 

  • CMEM-186331: Sync mailbox does not work as expected.

  • AAPP-12016: Push Notifications for iOS do not work as expected.

  • AGGL-9886: Profile with empty user certificates should not be able to be pushed to the device.

  • CRSVC-20702: Add threshold to parallel calls in device state migration tool. 

21.2.0.10 Patch Resolved Issues
  • AMST-32454: Data platform service was in hung state.

21.2.0.11 Patch Resolved Issues
  • AMST-32553: Migration script to insert missing recovery keys from DiskEncryptionSample table. 

  • AMST-32572: AssetNumber is not getting resolved in Friendly Name Format.

  • ARES-18458: Globalization fix for greenbox API to fetch the application details.

  • ARES-18476: Inconsistency in app size between list view and detail view for internal apps.

  • CRSVC-21079: App publish fails when adding a new version of the application.

21.2.0.12 Patch Resolved Issues
  • AGGL-9972: Change certificate Verification logic and add additional logging.

  • CRSVC-21081: Able to delete SG that is associated with an active workflow.

  • CRSVC-21323: App Details View > Deployment Progress cards showing workflow type AWEntitySmartGroupAssignmentMap records.

  • ENRL-2819: Existing device records in an unrolled state on the UEM Console are unable to re-enroll until the device record is deleted.

  • INTEL-30052: The Manufacturer Name field is not populating for all devices.
     

21.2.0.13 Patch Resolved Issues
  • AMST-32681: DeviceReportedName temporarily reports incorrectly causing carts pushed at the time to have incorrect SubjectName.

  • CRSVC-21322: Update the migration tool to create a device with a new tenant.

  • CRSVC-21578: Unable to load the Device List View.

  • MACOS-2233: "Install Intelligent Hub for macOS" option not available.

  • PPAT-9164: Events are not triggered when the compliance status of the device gets changed from "PendingComplianceCheck".

21.2.0.14 Patch Resolved Issues
  • AAPP-12167 Intelligent Hub doesn't send location data and geofencing not working as expected.

  • ARES-18723 User changed message prompt in iOS Hub post console upgrade to 2102

  • CMSVC-15166 Bulk limits should not return 403

  • ENRL-2864 Unable to enroll macOS Big Sur devices when an OS version restriction policy is configured

  • FCA-197667 Device List view exports are failing due to timeout

21.2.0.15 Patch Resolved Issues
  • AMST-33027: Device List view exports are timing out.

  • AMST-33138: Loading Script assignment throws an error when Script Assignment Name is greater than 64 characters.

21.2.0.16 Patch Resolved Issues
  • AAPP-11909: Generate unique PayloadIdentifier in configuration profile on push.

  • AGGL-10361: Enhanced Work Profile device actions should support Change or Clear Work passcode.

  • AMST-33160: Performance stats for branch cache are missing in consoleUI.

  • RUGG-9936: LocationGroup Cleanup failed due while Purging expired sample data.

21.2.0.17 Patch Resolved Issues
  • CMEM-186444: Error observed while making calls to device state service.

  • CMEM-186445: Add checks to avoid exceptions being bubbled up while consuming Device state service.

  • CRSVC-23107: SIM card not detected in Device Summary Page.

21.2.0.18 Patch Resolved Issues
  • ENRL-3005: Database issues.

  • CMSVC-15365: Unable to create AD admin account in the child OG.

  • AAPP-12454: Stored Procedure putting load Database Server CPU.

  • AGGL-10486: Custom-friendly name changing on Android devices using CICO.

21.2.0.19 Patch Resolved Issues
  • AAPP-12435: The iOS VPN Profile IKEv2 fails to save EAP settings.

  • ARES-19825: Primary key constraint violation.

21.2.0.20 Patch Resolved Issues
  • AGGL-10614: App Catalog profile does not land after DA->PO migration.

  • CMSVC-15505: Need to log enrollment user id in user group merge.

21.2.0.21 Patch Resolved Issues
  • AAPP-12615: Enrollment fails for DEP Custom Enrollment and Proxy Authentication Use Case. 

Known Issues

The known issues are grouped as follows.

Console
  • ARES-17319:If customer wrap commands in <atomic> element for custom payload, the workflow status will not be reported as complete. However, the profile installation will go through. This impacts only workflow status reporting in such a scenario.

    The issue is specific to the SyncML generation logic in DeviceServices. For identifying if the OmaDM profile installed the SyncML is updated with node cache commands that contain the profile UUID. The implementation adds node cache entry if the <atomic> element present at the beginning of the SyncML, but we are executing this add node cache entry in SyncML even if <atomic> is present anywhere in the SyncML.

    If such a problem occurs, check the custom payload SyncML for any <atomic> elements and remove them.

  • ARES-17539: The lookup filed will not be resolved while accessing through SSP.

    The profile entity with all the resolved lookup values was discarded and the entity is loaded again from DB. Because of this, the EAS profile is not populated with user details.

    As a workaround, install from the admin console.

  • AMST-32922: Windows Desktop App added via BSP is failing to install on the device.

    The issue arises when BSP apps are imported for Windows Phone and the same app is supported on the Windows Desktop platform and admin imports for Windows Desktop. In such a case, the BSP app installation on Windows Desktop fails.

  • ENRL 2860: If the customer has blacklist or whitelist restriction policies based on the OS version of the devices, those restrictions may not be honored by the devices.

    UEM has OS Versions seeded in the format "OS Name major version>.minor version>.build>". When a policy is generated, UEM saves the seeded OS ID for that policy. When a device enrolls, it communicates the OS Version in the string format "major version>. minor version>.build>." During enrollment, UME attempts to resolve the OS Version ID by first looking up the OS Version against the seeded value. The system now resolves it by performing a contains-based search on the name of the OS version. As a result, if another OS version has the string, the incorrect OS version can be rectified.

Content
  • CMC188970: Admin with App Management role is getting the Content menu.

    Login to the UEM console using Application Management Role. Observe that the admin is getting the Content menu option. Click on the Content menu option, it will ask to configure Workspace ONE Access and the Workspace ONE Access page is not accessible for the Application management role.

  • CMCM-188926: Discard Checkout option does not show up after Checkout. 

    SharePoint check-in/Check-out with Content App does not work as expected.

    As a workaround, users can check files back in on the web.

  • CMCM-188952: The expiry date of a file is always one day more than what's set on the console.

    Set an expiry date for any file in the Managed Content section on the console. Sync the device and check the info of that file. The expiry date of a file is always one day more than what's set on console. 

    As a workaround, set the date one day prior to your intended expiration date.  

Apple
  • AAPP-11689: IKEv2 VPN profile not configured correctly. 

    iOS VPN Profile of type IKEv2 fails to save EAP checkbox.

  • MACOS-1887: Unable to deploy Intelligent Hub (automatic installation post-enrollment), Bootstrap Packages, and Apple Business Manager (VPP) apps on macOS 11 Big Sur

    The "Require admin password to install or update apps" (restrict-store-require-admin-to-install) key has been deprecated in macOS 10.14. In macOS 11 Big Sur, installing a profile with this key will, unfortunately, cause apps deployed via native MDM commands to fail. 

    As a workaround, clear the setting for "Require admin password to install or update apps" in any macOS Restrictions profile being deployed to a macOS 11+ device.

  • AAPP-12501: The restriction profile is not removed when the iOS device is checked out.

    Profile removal and installation occur when devices move across siblings during a check in checkout or manually move and the final device organization group is not in the profile's hierarchy.

    Perform the following steps as a workaround:

    1. Shift the Profile to a higher OG (OG name shell).
    2. The DPDP table must be updated with the profile sample. (The sample scheduler job will update all devices' profiles within 4 hours.)
    3. After the sample has been updated in the DPDP for all devices, save and publish the profile to initiate the profile sync and queue the remove command.
Freestyle
  • ARES-17497: When a customer wraps commands in an <atomic> element for a custom payload, the workflow status is not reported as complete. The profile installation, on the other hand, is successful. In such a case, this only impacts workflow status reporting.

    The issue is specific to DeviceServices' SyncMl generation logic. To determine whether the OmaDM profile is installed, the SyncML is updated with node cache commands containing the profile uuid. The implementation adds a node cache entry if the <atomic> element is present at the start of the SyncML, but we are executing this add a node cache entry in SyncML even if the <atomic> element is present anywhere in the SyncML.

    If such this issue occurs, check the custom payload SyncML for any <atomic> elements and remove them.

  • CRSVC-23531: Customers using Freestyle workflows in tech preview are unable to receive workflows for certain devices.

    To schedule DSM/Workflow sync, Hub Services require a user session. If the user is not logged in because of a missing user session, DSM sync will not be scheduled, and workflows will not be synced on devices.

    We do not have any workaround for this issue.

Windows
  • HUBW-5856: On-demand script workflows cannot be run on the device.

    The problem occurs when the console version is 2102 or lower and the device is enrolled with the Hub version at the same time (2105 or higher). In such a combination, On-Demand Script workflows cannot be executed on the device.

    We do not have any workaround for this issue.

check-circle-line exclamation-circle-line close-line
Scroll to top icon