Went live on June 9, 2021

VMware Workspace ONE UEM Release Notes provide information on the new features and improvements in each release. This page includes a summary of the new features introduced in 2105 and resolved issues and known issues.

When can I expect the latest version?

We strive to deliver high-quality products, and to ensure quality and seamless transitions, we roll out our products in phases. Each rollout may take up to four weeks to accomplish and is delivered in the following phases:

  • Phase 1: Demo and UATs
  • Phase 2: Shared SaaS environments
  • Phase 3: Dedicated latest environments

Once our phased rollout is complete, we will announce general availability for on-premises and managed hosted customers. For more information, see the KB article

Getting Ready for Apple Fall 2021 Releases

Learn more about the upcoming Fall 2021 releases for Apple. See Getting Ready for Apple Fall 2021 Releases for more information.

New Features in this Release

Console

  • Coming Soon - Deploying Android and tvOS profiles is now faster and easier with the new data-driven user interface. 
    We are eager to get the new DDUI feature to you, but we want to make sure to resolve any issues that might affect usability.
  • You can use this feature in the coming weeks as we roll it out. You will notice updates to your user interface when it is available.
    You can configure profiles for Android and tvOS platforms using the new data-driven user interface, which includes new payload layouts, search capabilities, and profile summary. This data-driven model also allows new keys and payloads released by Google and Apple to be added to Workspace ONE for admins to deploy much more rapidly. For information specific to Android profiles, see How to Configure Android Profiles and for Apple tvOS profiles, see Apple tvOS Profiles.
     
  • Technical Preview: Maximize your search results with wildcards in the UEM global search.
    You can now use asterisk wildcards in your global searches to boost your search results. Wildcard support in the UEM global search is a technical preview feature. Technical preview features are not fully tested, and some functionality might not work as expected. However, these previews help Workspace ONE UEM improve current functionality and develop future enhancements. For more information, see Global Search.
  • We've added a limit on bulk device deletions.
    To prevent you from accidentally deleting more devices than you intended from your tenant or organization group, we have implemented a limit on bulk device deletions. The new limit (100 devices) is enabled by default and does not require any changes to the system settings.

  • Enable or disable Hub Services experience at any child OG level in the OG tree.
    We've implemented Hub integration at the OG levelFor more information, see Configure Enrollment Options on Hub Integration.

Android

  • Are you having trouble accessing Launcher features when your devices are not connected to a network? We've got a solution. Designate your Launcher profile as an offline mode profile.
    Offline mode profiles can now be accessed when the device is offline and allows you to continue your work even when you are unable to log in. For more information, see Configure Launcher Profile.

  • Coming Soon - Introducing Data-Driven Profiles for your Android devices – A faster way to take advantage of the new MDM APIs. 
    You will see several changes within your Android profile configuration with new profile layouts, search capabilities, and summary pages.

    • The Single App Mode profile has been renamed to Lock Task Mode which allows you to lock a single or pre-determined set of apps to the foreground of the device launcher. You can add apps to an allow list and set specific actions such as the use of the Home button or Show Recents with global action.
    • You can now specify if your users can use the autofill feature with their devices. Some apps can fill out the views in other apps with data previously provided by the user. You can enable or disable this feature in the Restrictions profile.
    • The Date/Time profile has been added to allow you to configure the Date and Time settings on Android 9+ Work Managed devices as well as prevent the user from modifying the configuration.
    • Under the Restrictions profile, calendar apps running in the personal profile can now show events from the work profile calendar. There is a new option, Enable cross profile calendar access in the profile that allows you to set this permission. This is available for Android 10 or later devices and requires support by the calendar application to share the calendar data with the system.
  • We now support device-based accounts with Corporate Owned Personally Enabled (COPE) enrollments. ​
    For scenarios where devices are not associated with a specific user, the enrollment settings have been updated to include device-based enrollments. This is useful for single-user staging when devices are enrolled before being given to the end-user. If Device-Based is selected, unique device-based accounts are generated on enrollment rather than re-using an existing managed Google account if the user has already enrolled a previous device. For more information, see Android Device Enrollment.
  • Want to make sure your devices are secure? Perform security audits on Corporate Owned Fully Managed Android devices by collecting a Security Log. 
    The security logs report possible security breaches on the device by reporting certain pre and post-boot activity, such as authentication attempts, credential storage modifications, attempted ADB connections, and more. You can customize this request in the Device Details. For more information, see Android Device Management.
    Note: This requires an upcoming version of Workspace ONE Intelligent Hub. 

  • Automatic seeding of Android Manufacturers and Models. 
    Android device manufacturers and models are now added to the console automatically upon enrollment or device sync.  The OEM and models can be used for enrollment restrictions, compliance policies, and the newly introduced Android OEM & Model filter in Smart Groups.

Chrome OS

  • Automatically place devices in the intended Organization Groups.
    Chrome OS devices can now be placed into the expected Organization Groups based on User Group Membership. The UEM Extension for Chrome OS will report the current logged-in user, and the device record is automatically moved into the respective Organization Group.

macOS

  • Simplify macOS device provisioning with a new post-enrollment onboarding experience. 
    Keep users informed on the device provisioning process after enrollment completes with the new onboarding experience built in Workspace ONE Intelligent Hub. After enrollment is finished, Intelligent Hub will display a new window, tracking all incoming application installs. Administrators can enable and customize the experience in the UEM Console. For more information, see Enable Post Enrollment Onboarding Settings
  • Streamline enablement of Intelligent Hub on macOS endpoints.
    The existing seeded Privacy Preferences profile for macOS Intelligent Hub now also includes the Notifications payload and System Extensions payload to automatically enable all Intelligent Hub functionality on endpoints without needing to create the profiles yourself.

  • Allow standard users access to privacy permissions on macOS Big Sur. 
    With new keys in the Privacy Preferences profile, administrators can now enable users with standard permissions on macOS Big Sur to allow video conference tools to perform Screen Recording and Input Monitoring services.

  • Trigger macOS Sensors based on network. 
    With the new Network Change trigger, administrators can now configure Sensors to run whenever the device's network status changes. For more information, see Create a Sensor for macOS Devices.

Tunnel

  • Ability to support Tunnel Device Traffic Rules for Samba Domains for iOS Platform. 
    You can now add a Rule for Samba Domains in the Tunnel Device Traffic Rules UI. This feature is only supported for the iOS platform. For more information, see Create Device Traffic Rules.

Windows

  • Welcome Windows app approvals. 
    If you are using Windows Hub Client version 21.05, you can now justify when requesting Windows apps from the Hub Catalog. For more information, see App Approvals

  • Introducing BitLocker To Go Support. 
    Use the Workspace ONE UEM to require the encryption of removable drives on your Windows 10 devices with BitLocker.
    Just select the Enable BitLocker To Go Support check box in your encryption policy. When you enable support, users are prompted for a password, encryption happens and Workspace ONE UEM escrows the recovery key for the drive. 
    Users enter this password every time they access the removable drive on their devices. Find the encryption profile in the console at Devices > Profiles & Resources > Profiles. If users forget their passwords, you can recover the drives using the recovery key stored in the console at  Devices > Profiles & Resources > List View > Removable Storage tab. If you see thousands of recovery IDs, use the available filter functions to find the exact key you need. 
    For details about this support, see Encryption

  • Suspend and resume BitLocker on Windows 10 devices from the console.
    Use the More Actions > Suspend BitLocker or Resume BitLocker menu item in your device records to help your Windows 10 users without permission to control BitLocker. Choose to suspend a device and allow 1-15 reboots to conduct maintenance on a system, or resume BitLocker if it was suspended previously.
    For details about this feature, access Windows Desktop Device Management > More Actions

  • Create a domain join configuration for a Workgroup, and optionally create a local administrator account with Workgroup Join for Windows.
    You can now use Workspace ONE UEM to join your Windows devices to a Workgroup. For details, access How Do You Deploy Domain Join Configurations for Windows Desktop?.

  • Duplicate baselines and edit the copies without the risk of compromising the original baseline.
    Make duplicate copies of your baseline with the same policies and values and customize them as per your requirement. For more information, see Using Baselines.

  • Keep managed apps on your Windows 10 devices on Enterprise Wipe. 
    Accelerate the process of re-enrollment of your Windows 10 device to a different user. For more information, see Windows Desktop Device Management

Resolved Issues

The resolved issues are grouped as follows.

2105 Resolved Issues
  • AAPP-4931: Provisioning Profile expiration notifications must not be sent for retired apps.

  • AAPP-7488: Sending a custom device info command causes data loss. 

  • AAPP-10678: Unable to access the complete page on VPP associated license page.

  • AAPP-10984: Incorrect number of SIMs shown in Device Details for iOS devices. 

  • AAPP-11617: Device name is not set to a friendly name on enrollment.

  • AAPP-11767: SIM Change compliance not working with DualSim iOS devices.

  • AAPP-11019: When a user is selected on a DEP profile with an uploaded certificate, the V1 delete user API fails and orphan data.

  • AAPP-11025: When you open a VPP app from the global search, the UI is outdated and does not match what you see when you open it from the Purchased Apps list view.

  • AAPP-11075: Legacy Catalog shows incorrect App version for custom b2b app.

  • AAPP-11143: When upgrading to a version of UEM that has outdated certs, valid APNs for Apps certificates are replaced with invalid certs.

  • AAPP-11181: If the status parameter is not included, the API to get devices with a purchased app assigned/installed fails.

  • AAPP-11237: Compliance policy with change roaming settings action overwrites the settings command queued on enrollment and does not include all of the configured Managed Settings. 

  • AAPP-11243: Unable to clear stoken, deviceApplication.VppAccount_Delete times out. 

  • AAPP-11271: Telecom data reported by iOS devices is not saved.

  • AAPP-11303: If the app is only available in non-US App Stores, the Console iOS App Images Tab/Page does not load.

  • AAPP-11305: The iOS 14 tag for Associated and Excluded Domains is missing in the iOS per-app VPN profile.

  • AAPP-11434: UEM Console supports uploading certificates without a private key for Apple signing certificates.

  • AAPP-11512: Installing an app with an app config lookup value that includes quotes fails.

  • AAPP-11484: When an app is managed at a higher OG, it is not possible to manually enter app bundle IDs for iOS Notifications profiles.

  • AAPP-11517: "Update Completed" and "Restore Completed" and "Accessibility" in the DEP profile are always displayed as "SKIP". 

  • AAPP-11519: Memory granted for stored procedure interrogator.Scheduler_SearchByDevice is unused.

  • AAPP-11550: Unable to toggle the "IsManaged" flag using the profile create or update API.

  • AAPP-11610: Unable to request iOS App Logs until App is relaunched. 

  • AAPP-11625: VppUsersSchedulerNotVisited frequency is very aggressive. 

  • AAPP-11656: No updates appear in device details for an iOS device.

  • AAPP-11678: iOS VPN Profile of type IKEv2 fails to save EAP settings.

  • AAPP-11679: The REST API call does not create a Workspace ONE Assist session for the iOS devices.

  • AAPP-11688: Class Sync failing due to SQL timeout.

  • AAPP-11699: The IMEI search for Apple digital sim does not find the device.

  • AAPP-11714: High CPU usage caused by the interrogator.SelectiveApplicationList_Save_V2 sproc.

  • AAPP-11717: For iOS Devices, the {DeviceWLANMac} lookup value for friendly name is displaying incorrectly.

  • AAPP-11725: iOS updates have incorrect posting and expiration dates.

  • AAPP-11731: Intelligent Hub deployed through VPP does not automatically install on DEP-enrolled devices.

  • AAPP-11745: Webclips are not shown on Shared iPads.

  • AAPP-11767: SIM Change compliance not working with the DualSim iOS devices.

  • AAPP-11746: Unable to get search results for some specific users under device < device updates < iOS.

  • AAPP-11779: Intelligent Hub does not send location data, and geofencing does not work as expected.

  • AAPP-11788: Bulk delete API does not work on app-level managed devices.

  • AAPP-11804: Hub sends the incorrect MAC Address in a beacon message.

  • AAPP-11869: PIV-D cannot retrieve Xtec-Derived Credentials (iOS).

  • AAPP-11876: iOS public app assignment is removed once the app's availability type is updated to TVOS supported.

  • AAPP-11907: IOS device with Action as Block/Remove Managed application is not obeyed by VPP application.

  • AAPP-11879: Class Sync fails due to a SQL exception.

  • AAPP-11891: iOS devices in Lost Mode do not display their location in the UEM Console.

  • AAPP-11896: Push Notifications for iOS Updates do not occur.

  • AAPP-11916: User enrollment fails if the user's manager has multiple UEM accounts.

  • AAPP-11938: Safari does not accept usernames that contain an apostrophe.

  • AAPP-11950: Verizon reported SelectiveAppList sample delay.

  • AAPP-12061: AAPP-12061: ClearPass SCEP incorporated in UEM certificates only contain one SAN of a specific type (when multiple SANs of the same type are configured).

  • AAPP-12115: Unable to delete a supervised iOS device if the enrollment status is wiped initiated.

  • AAPP-12041: Saving a custom app fails when the same iOS public app is present on the same LG.

  • AGGL-8011: The Chrome OS Admin user account is not renamed when upgraded.

  • AGGL-8094: The Chrome OS Application Control Extension Policy field can only support 10 characters.

  • AGGL-8250: Roaming restriction is not working.

  • AGGL-8394: Android Passcode throws a Save Failed error.

  • AGGL-8685: Publishing VMware Tunnel profile is extremely slow when adding commands in the Held status.

  • AGGL-8774: The app is not removed if the Terms of Use for the app are not accepted.

  • AGGL-8890: The Certificate Auto-select option is ignored in ChromeOS.

  • AGGL-8974: The legacy app catalog is no longer available in Hub when a device's OGs change. 

  • AGGL-8983: Chrome OS management integration user synchronization problem.

  • AGGL-9066: Profiles are not being installed in Chrome Books after re-enrollment.

  • AGGL-9075: The Intelligent Hub Services unified catalog is enabled, but no catalog is visible on previously enrolled devices.

  • AGGL-9084: The "Allow personal apps to share data with work apps" restriction does not appear to be working as expected.

  • AGGL-9139: Per-App is not listed as whitelisted in the Tunnel app.

  • AGGL-9155: Page loading performance improvement related to feedback channel by leveraging bulk API calls to intelligence.

  • AGGL-9194: Android 10 not picking up registration records.

  • AGGL-9314: Application downloaded and installed from Work store despite the removal of application assignment.

  •  AGGL-9372: Managed by Setting is not respected when adding an Android public app.

  • AGGL-9395: Unable to send a push message to Android device from the app details page.

  • AGGL-9506: When you select the Import from Play option, it takes 8 to 11 minutes for the list of apps to be imported into the UEM.

  • AGGL-9527: If the required Boolean values in app configuration are left empty, an application cannot be saved.

  • AGGL-9643: Privacy notice includes Device Wipe in Work Profile.

  • AGGL-9658: If a public app remains unassigned after changing smart group conditions by adding TAG, it remains in the Play Store.

  • AGGL-9714: App Catalog profile does not land after DA->PO migration.

  • AGGL-9765: Sustained High Spike in API Cluster as a result of AndroidWorkUtility Requests.

  • AGGL-9826: Application ID and version do not show up while adding application version.

  • AGGL-9833: Unable to assign certain AE public app.

  • AGGL-9867: Enrollment restrictions are not honored, and the device does not display the device-blocked page, but it completely enrolls the device.

  • AGGL-9873: Android Enrollment issues with AOSP/Closed network.

  • AGGL-9946: Profiles and Apps are not assigned for the devices in Checkout. 

  • AGGL-10003: Hub registered mode does not work for Android devices if Android Enterprise is not available.

  • AGGL-10018: Telecom and Location Hub settings are disabled when admin with custom role changes and saves any Hub settings.

  • AGGL-10020: Wi-Fi profile fails to deploy.

  • AGGL-10111: Unable to add the Microsoft Launcher application onto the console when EMM is integrated.

  • AMST-28531: Win32 Processor does not work as expected when multiple CPUs are in request.

  • AMST-29552: Even after removing the payload, the Data Protection payload does not clear the AppLocker Policy.

  • AMST-28751: When editing a profile, you can save and publish it even if mandatory fields are left blank.

  • AMST-30814: Newly created admin role with full permission does not display the "Windows Desktop" settings.

  • AMST-30891: "Registry Operation" command gets queued for macOS devices.

  • AMST-31061: Unable to Edit the custom configuration XML on Windows VPN profile.

  • AMST-31155: F5 Edge VPN profile sends wrong application id for Windows 10.

  • AMST-31296: Classification type “Updates” is mislabelled in Profiles and in Device Updates. 

  • AMST-31376: BitLocker Key is missing from the UEM Console.

  • AMST-31378: TOU issues for AAD and ADFS enrollment flow.

  • AMST-31388: Friendly name changes in troubleshooting events.

  • AMST-31435: After the 2010 Console Update to 2101, the devices have the user context command stuck in the queue.

  • AMST-31450: Force BIOS Password Reset is changed to DISABLED and unable to revert to ENABLED.

  • AMST-31460: After removing a profile from a device UEM shows "Removed" but BI shows as "Unconfirmed Removal".

  • AMST-31493: Compliance Encryption Policy for Windows 10 devices only fails for devices that are already enrolled when the BitLocker policy is updated to the latest version.

  • AMST-31669: Windows 10 IP address shown in Network tab is not correct

  • AMST-31689: Compliance status shown as "Not Available".

  • AMST-31774: Detection criteria for windows applications is removed. 

  • AMST-31189: Unable to add a windows device credentials payload profile of type Defined CA.

  • AMST-31325: After editing a Windows Antivirus profile, the settings are lost.

  • AMST-31349: For Windows 10 devices, an incorrect ADA download URL was observed.

  • AMST-31917: Unable to import BSP Apps from exception package handling for the “msix” package type.

  • AMST-31976: Intelligent Hub does not shut down for Azure OOBE-enrolled devices.

  • AMST-32182: "Device Limit per User" on "Enrollment Restriction Policy" is not working as expected with Windows Native MDM client enrollment.

  • AMST-32402: Certificates on Win10 devices in production are not being revoked.

  • AMST-32672: Unable to delete Win Public app due to legacy mapping records in ApplicationKiosk. 

  • AMST-32290: When creating a Windows app using the begin install API, the "configure registry data" value under data contingencies remains unchecked.

  • AMST-32433: When adding an antivirus payload to an existing profile in Windows 10, DS fails to build an installProfile.

  • CRSVC-18100: Baseline summary counts do not match actual status counts.

  • AMST-32433: DS fails to generate Install Profile when adding antivirus payload to an existing profile window.

  • AMST-32232: The certificate installed with the SCEP profile, which is configured with the AirWatch CA, does not appear on the console.

  • AMST-32574: DeviceReportedName temporarily reports incorrectly causing certs pushed at that time to have incorrect SubjectName.

  • AMST-32400: Data platform Service is in Hung state.

  • ARES-13418: Custom SDK Profile does not trigger the install profile command queue after saving and publishing the change.

  • ARES-14755: Uploading Large .ZIP (~3.5 GB) files as an internal app for Windows does not work as expected. 

  • ARES-15791: Console Events under Events Page of public app details does not display any data.

  • ARES-16917: Geofencing profile payload is not removed when the device profile and geofencing area are deleted.

  • ARES-16991: Mouseover Descriptions for iOS Profile Payload are not shown on console versions greater than 20.7.

  • ARES-17094: To avoid updating values in the wrong columns, the ApplistSample parameter requires an ordering attribute.

  • ARES-17119: Exchange Settings are not available for Android Notebook with AFW enabled.

  • ARES-17126: When removing a managed app with a future effective date from the Device Details View > Apps tab, it does not work.

  • ARES-17211: Bulk query from Applications is limited to 47.

  • ARES-17224: When using the Workspace ONE UEM standalone catalog, devices are not added to smartgroup after enrollment.

  • ARES-17237: Lookup variable "{EmailAddressPrompt}" for iOS EAS profile does not pick the value specified in SSP. 

  • ARES-17319: Status is not reporting as completed in Windows 10 Freestyle.

  • ARES-17338: Report Subscription settings are not saving correctly.

  • ARES-17362: Existing app metadata info is overridden by the newly uploaded version.

  • ARES-17423: Cannot publish Internal Application if Locale Setting uses (Canada) as a Language type.

  • ARES-17427: 'Request Logs' option is not available for the Workspace ONE Cards app on the UEM Console. 

  • ARES-17502: Inconsistency in app size between the list view and the detail view for internal apps.

  • ARES-17538: Violation of PRIMARY KEY constraint 'PK_DeviceProfileDevicePool'. Cannot insert duplicate key in object 'deviceProfile.DeviceProfileDevicePool'.

  • ARES-17100: Memory granted for stored procedure deviceCommandQueue.CommandQueue_List is unused.

  • ARES-17651: API call returns an error.

  • ARES-17869: Certificate Authority which is seeded must not be shown on Boxer CA drop down.

  • ARES-17959: Application deployment is stuck in the pending release state.

  • ARES-17987: Unable to save XML configurations under custom settings on SDK profile.

  • ARES-18167: The Application Details by Device report does not include Public (Unmanaged) apps for Employee-Owned devices.

  • ARES-18197: Sorting based on OG name is not working on the View devices page of profiles.

  • ARES-18214: Cannot update IPA and APK to Workspace ONE UEM with same bundle id and same version.

  • ARES-18645: When attempting to remove/uninstall apps from the device details page, UEM displays the "Door is locked" error.

  • CMCM-188989: Enterprisecontent.[Content_StatusByLocationGroup_Save] is filling customer disks.

  • CMCM-188997: Unable to save security settings on synced child folders from the corporate repository.

  • CMCM-188958: Corporate file servers are not visible with MCM licensing.

  • CMEM-186217: "Run Compliance" action errors out when there is an error accessing Device data.

  • CMEM-186249: The API for Device policies reports incorrect data.

  • CMEM-186289: AllowList or DenyList does not work properly on Unmanaged records on the Email list view.

  • ARES-18253: A user changed the message prompt in the iOS Hub post console upgrade to 2102.

  • CMEM-186308: Operation failed while performing Sync mailbox.

  • CMSVC-14360: Handle invalid trigger schedules gracefully.

  • CMSVC-14432: CSV Injection is allowed in the batch import of Users, Admins, and Devices.

  • CMSVC-14292: When a Directory User is added to a child OG via batch import, the Default Template configured on Global is sent.

  • CMSVC-14633: Organization Group gets stuck in 'Delete in Progress'.

  • CMSVC-14673: Latency issue in 'GET /API/system/groups/users' endpoint.

  • CMSVC-14565: Malfunctioning of Assigned devices search.

  • CMSVC-14685: Unable to view default roles managed at Global OG, Basic Access, External Access, or Full Access from Accounts > Users > Roles. 

  • CMSVC-14577: Documentation is lacking on SCIM API.

  • CMSVC-14752: Unable to delete smart groups using API calls.

  • CMSVC-14795: Admin user group sync fails due to ObjectGUID change.

  • CMSVC-14809: Unable to search for admin users via API if the sum of the OG name and admin account exceeds 79 characters.

  • CMSVC-14814: When adding an assignment through the assignment groups list view, the QuickAddSmartGroup-OrganizationGroup ID group name is used.

  • CMSVC-14827: Page navigation greyed out.

  • CMSVC-14828: The response time for a Bulk API call to add users to a usergroup ranged between 12 and 40 seconds.

  • CMSVC-14829: Unable to add device if user account phone number is set to <Unknown>.

  • CMSVC-14872: The Event log displays the error message "An error has occurred."

  • CMSVC-14904: Admin with 'Read Only' role can add tags to devices via /tags/tagid/adddevices.

  • CMSVC-14917: AD User Groups' membership counts keep reducing without any triggers.

  • CMSVC-14563: Error when loading Admin Login History.

  • CMSVC-14668: Extra resources are loaded when the user has multiple roles assigned to the admin.

  • CRSVC-7871: VMware AirWatch has a swagger console implemented which is vulnerable to DOM XSS.

  • CRSVC-13613: Changing the Date Range Filter for device events to one week throws an error.

  • CRSVC-15675: Cannot delete a device record from the UEM console.

  • CMSVC-14183: Terms of use for the Enrollment user gives “Something unexpected happened.

  • CRSVC-15472: Rate Limiting Page times out in API Advanced Settings.

  • CMSVC-15144: Devices added to an assignment group through Additions are not allocated to the group assignment correctly.

  • CRSVC-16038: The Time schedule option is unavailable when the role admin with all the write access logged in through the UEM console.

  • CRSVC-16702: Internal application assignment is not created for devices assigned to workflow with deleted SG.

  • CRSVC-17449: CertificateNearExpiration_quick Analysis is a long-running query

  • CMCM-188954: SQL timeout while trying to edit & save assignment for content.

  • CRSVC-17503: Unable to detect SIM card on the Device Summary page. 

  • CRSVC-17807: CA connections failed.

  • CRSVC-17954: iOS DEP MDM Enrollment Completed command not generated.

  • CRSVC-17815: The security settings for the log-on message in Baselines break the format of the sentences in the text box.

  • CRSVC-17864: Services fail to start because one of the configured memcached nodes has failed.

  • CRSVC-17870: Trailing Space for CDN Server URL causing test connection failure.

  • CRSVC-17979: Certificates uploaded through the UploadSmimeCerts API are failing regularly.

  • CRSVC-18017: Templates no longer showing VMWare graphics when the user receives the emails.

  • CRSVC-20900: Device incorrectly reporting intermediate status.

  • AMST-31378: TOU issues for AAD and ADFS enrollment flow.

  • CRSVC-18862: Force reinstall EG profile puts other profiles in pending state on Console.

  • CRSVC-18758: AirWatch SCEP CA profile installation fails on MDM SCEP client if the Certificate Subject Name contains a special character.

  • CRSVC-19406: Escrow Gateway as Credential with Exchange Server profile.

  • CRSVC-19113: Workflow does not attempt to reinstall after failing due to ADA not being installed.

  • CRSVC-19222: Custom baselines are not installing or are installing with no notifications following installation delays.

  • CRSVC-20047: Client Certificates do not push after upgrading to 2102 if the template contains a lookup for UserDistinguishedName.

  • CRSVC-20507: iOS Boxer 21.03 does not retrieve SMIME from the Escrow Gateway.

  • CRSVC-20489: Device incorrectly reporting intermediate status.

  • CRSVC-20449: App Details View > Deployment Progress cards displaying workflow type AWEntitySmartGroupAssignmentMap records.

  • CRSVC-20614: Able to delete SG that is associated with an active workflow.

  • CRSVC-20970: Multiple challenges for SCEP/PKI in SCEP and EG Scenario.

  • CRSVC-18027: Compromised status for hub-registered devices is not correctly updating in the Device Details Summary page, despite the database indicating that it is not compromised.

  • CRSVC-18259: Addressing encryption/signing issues on Device Services, leading to device communication failures due to recent changes in the .NET framework released as part of the latest Windows updates.

  • CRSVC-21557: Unable to load the Device List View. 

  • ENRL-2464: Fix for memory grant issues in some database procedures. 

  • ENRL-1575: Users might not be allowed to enroll a device due to an orphan device record when navigated away from the privacy screen.

  • ENRL-1841: If the enrollment username is an email address, the enrollment restriction is not applied.

  • ARES-18649: App not shown in the Catalog for the user who is not a member of the UserGroup added to the Denylist app group.

  • ENRL-2420: Whitelist device records getting deleted after 90 days for Windows 10 devices.

  • ENRL-2546: Device blocked by "Enrollment Restriction" notification not sent to user intermittently when device is prevented from enrolling.

  • ENRL-2465: Fix for memory grant issues in some database procedures.

  • ENRL-2591: When the device friendly name format is set to DeviceReportedName, the device-friendly name is displayed incorrectly.

  • ENRL-2653: If OS version-based restrictions are present, devices might not be allowed to re-enroll after the device OS is upgraded.

  • ENRL-2655: The User Group Mapping setting is overriding in the child OG even though it is set to inherit from the parent OG.

  • FCA-194914: Dashboard count bars are displayed in black rather than different colors.

  • FCA-195356: Unable to reconfigure Hub services successfully.

  • FCA-195413: When Adding a Device for New Directory Users, the OG List does not populate.

  • FCA-195540: Unable to delete unenrolled devices from Device Details or Device List View page.

  • FCA-194998: API call to bulk delete devices.

  • FCA-195447: Unable to perform any action from the device details page when using Internet Explorer.

  • FCA-195752: API V3 GET/devices/search always returns the Device ID as 0.

  • FCA-194943: Unable to upload application with console idle session set to 15 minutes.

  • FCA-195828: Incorrect count on confirmation modal after selecting all devices.

  • FCA-195875: Device count incorrect for automation.

  • FCA-195530:Unable to allot all available licenses for VPP Apps.

  • FCA-197169: Bulk SMS is not working.

  • AMST-32458: Migration script to insert missing recovery keys from DiskEncryptionSample table.

  • FCA-196233: Vulnerability reported with the UEM console version 2010.

  • FCA-196507: Admin is automatically logged out of the UEM console when Idle Session Timeout expires, even though admin is still logged in.

  • FCA-196508: Admin stored XSS in Workspace ONE UEM.

  • FCA-196729: The GUI displayed an incorrect message with a number instead of the expected product name.

  • FCA-196233:  Vulnerability reported in the console version 2010.

  • FCA-197141:The timezone value is not updating.

  • FCA-197236: Workspace ONE Express does not have a privacy option to collect and display location data. 

  • FCA-197012: Externally reported security vulnerability in WorkspaceOne REST API Endpoint DDoS.

  • FCA-197258: An undocumented 204 empty response code.

  • INTEL-29749: Manufacturer Name field is not populating for all devices.

  • MACOS-1699: The generated XML contains an empty array for the key OnDemandRules for F5 Access VPN type.

  • MACOS-1912 : When configuring two network payloads in a profile, the first payload loses authentication certificate data when it is saved.

  • MACOS-1965: Sensors do not return data to the UEM console.

  • MACOS-1972: AvailableOSUpdate query prevents updates to macOS 11.2.

  • MACOS-1964: Validate the sensor assignment API to handle "SCHEDULEANDEVENT" for windows sensor assignment.

  • MACOS-2209: "Install Intelligent Hub for macOS" option is not available. 

  • PPAT-8508: Unable to save the Tunnel configuration.

  • PPAT-8563: VPN Profile installation fails when device enrolled on the child OG.

  • PPAT-8598: Migration script fails while running DB installer.

  • PPAT-8734: Unable to copy VPN profile for other connection types.

  • PPAT-9085: Tunnel Server or Client certificate returns invalid date in console.

  • RUGG-7423: Inconsistency in internal and public app filter persistence.

  • RUGG-8682: Files are randomly deleted from a file or action.

  • RUGG-9351: The total assigned count for a product through an API call is 0 on UEM 20.5 and later versions.

  • RUGG-9357: When you click the dependency button on a product, you get an error message.

  • RUGG-9433: Disabling Restricted Action for "Override Job Log Level" does not work.

  • RUGG-9520: Product delivery is halted, or unprocessed CSI items.

  • RUGG-9577: Unable to start Windows Remote Assist in an unattended mode with app version 2011 on AAD joined machines.

  • RUGG-9579: Unattended mode is not available for Domain Joined machines in Windows 10.

  • RUGG-9591: The Product List View page fails to load when selecting a filter.

  • RUGG-9680: Application assignment count not populated in the Products app grid. 

  • RUGG-9711: QR Enrollment Configuration for Android Rugged is displaying users from Global.

  • CRSVC-20614: Able to delete SG that is associated with an active workflow.

  • RSVC-20489: Device incorrectly reporting intermediate status.

  • CMSVC-15106: Smart groups allow association with directory users or user-groups from a parent organization groups when the LDAP permission is set to "Override".

  • CMSVC-15105: Basic and AuthProxy users created with non-NULL LDAPDefinitionID. 

  • AMST-32917: Windows Desktop App added through BSP is failing to install on the device.

  • AGGL-10237: Hub Registered Android devices cannot install non-work Google Play apps.

  • AGGL-10264: Hub Registered Android App assignments do not update after enrollment.
     

  • AGGL-10327: Issue with a network IP range-based Organization Group assignment for devices. 

  • AMST-33118: Loading assignment throws an error when Assignment Name is greater than 64 characters.

  • ARES-18659: Unable to Edit Tunnel Profiles.

  • CMSVC-15170: Directory Test Connection fails with Kerberos.

  • ENRL-2857: Unable to enroll macOS Big Sur devices when an OS version restriction policy is configured.

  • FCA-196939: Bulk Action from the device list view is not processing for all devices.

21.5.0.1 Patch Resolved Issues
  • AAPP-12239: Unable to install internal apps on Mac devices after upgrading the console.

  • AGGL-10259: Failed to edit Passcode payload profile for AFW Profile in DDUI.

  • AGGL-10243: The DeviceSerialNumber Lookup Value is not resolved correctly in Command XML.

  • AMST-33026: Device List view exports are timing out.

  • ARES-18815: ARP is not working as expected after the second trigger.

  • CMSVC-15172: Directory Users must not be created from Child OGs if the LDAP Child Permission is set to Override Only at the Parent OG.

  • CMSVC-15174: Smart groups allow users from a parent organization group to be associated with directory users.

  • CMSVC-15176: Basic and AuthProxy users are created when the LDAPDefinitionID is not NULL.

  • CMSVC-15217: Directory Test Connection fails with Kerberos.

  • CMSVC-15219: Admin roles have UI issues.

  • ENRL-2858: When an OS version restriction policy is configured, enrolling macOS Big Sur devices is not possible.

  • FCA-197663: Device List view exports are failing due to timeout.

21.5.0.2 Patch Resolved Issues
  • AMST-33128: Seed the UEM version 2105 Patch Hub to the UEM console. 

  • AGGL-10330: Issue with the network IP range based on Organization Group assignment for devices. 

21.5.0.3 Patch Resolved Issues
  • AGGL-10259: DDUI for AFW Profile: Failed to edit Passcode payload profile.

  • AGGL-10315: Hub Registered Android devices cannot install non-work Google Play apps.

  • AMST-33014: Windows Desktop App added through BSP is failing to install on device.

  • AMST-33019: High SQL waits and Blocking SQL's observed while running Workflows along with BG load.

  •  AMST-33137:  Loading assignment throws an error when Assignment Name is greater than 64 characters.

  • CRSVC-22437: Workflows not adhering to Time windows.

21.5.0.4 Patch Resolved Issues
  • AGGL-10375: Bulk Setmanagedconfigurationfordevices API has not called for all assigned devices.

  • AMST-33201: DB upgrade failure.

  • ARES-19092: Uptime upgrade failing.

  • CRSVC-22713: Deadlocks are seen in deviceCompliance during compliance policy publish.

  • PPAT-9293: DB CPU was seen while iOS Tunnel profile publish.

  • RUGG-9951: DB table constraint in a product provisioning-related table is causing a time-out during the upgrade.

  • SINST-175893: AWCM sending wrong messages to ACC.

21.5.0.5 Patch Resolved Issues
  • AMST-33238: Sensor based Automation is not adding TAG. 

21.5.0.7 Patch Resolved Issues
  • AGGL-10413: Skip Batching for SCEP payloads.

  • AGGL-10426: Page crash when loading existing restrictions profile after DDUI migration.

  • AMST-33308: Seed Hub to 2105 console.

  • ARES-19367: Not able to install patch to the already installed application.

  • CRSVC-22821: Reduce the throttling limit of the workflow selective status API.

  • CRSVC-22912: SMTP no longer working post 21.05 upgrade.

  • CRSVC-23026: EventLog purge was failing due to the newly added Column in the EventLog table.

  • RUGG-9935: Location group cleanup failing.

  • AGGL-10410: Database transaction causes timeouts in application publish smart group unassignment flow. 

21.5.0.8 Patch Resolved Issues
  • ARES-19728: Memory Leak on AirWatch Custom Reports Entity NullResponseHandler.

  • CRSVC-23116: DB sproc timeouts during perf testing.

  • ENRL-2968: Unable to enroll macOS with DEP and Okta configured.

  • RUGG-10010: Unable to Create QR Code Enrollment with Higher-Level OG Users.

21.5.0.9 Patch Resolved Issues
  • CMSVC-15364: Unable to create AD admin account in the child OG.

  • AAPP-12433: Leverage Content Metadata API to lookup app data while adding iOS public apps.

  • AGGL-10481: Profiles do not apply to the device.

  • AAPP-12411: iOS WiFi profile creates a blank key for TLSTrustedServerNames.

  • AGGL-10483: Chrome OS Certificates Push is missing on the device.

  • CMCM-189145: Content repositories not showing in the Content app.

  • AGGL-10485: Custom friendly name changing on Android devices using CICO.

  • CRSVC-23258: Logs are not being displayed.

  • AMST-33377: OOBE enrollment failed with status tracking prompt enabled.

  • CRSVC-22765: YATs clients do not differentiate between CP and Cloud.

21.5.0.10 Patch Resolved Issues
  • ENRL-3008: Huge Memory Grant can be seen from enrollment sproc.

  • MACOS-2451: Product Provisioning fails for the MacOS device.

  • AGGL-10565: Unable to edit Launcher profile in DDUI.

  • ARES-19877: Stored Procedure causing high CPU load on DB Server.

  • CRSVC-23399: Reduce the DeviceWorkflowComplete event generation.

  • ARES-19822: Stored procedure timeout.

  • AMST-33461: Domain Join option not showing available in console.

  • RUGG-10070: The length of LOB data to be replicated (120200) exceeds the configured maximum of 65536.

  • ARES-19876: Exists call on CDNProvider should not read from the cache when creating new blob.

21.5.0.11 Patch Resolved Issues
  • AAPP-12453: Reduce load from stored procedures. 

  • AGGL-10587: PerAppVPNAssociation mapping failing intermittently.

  • AGGL-10584: AFW Enrollment is failing with an error.

  • AGGL-10606: Saving the permissions profile causes the console to crash (DDUI Profile).

  • ARES-19824: Primary key constraint violation.

  • CMSVC-15405: Modify vIDM full sync flow in order to make DELETE call before the POST call.

  • AMST-33508: Seed the v2105 Patch Hub and SFD to the UEM console.

21.5.0.13 Patch Resolved Issues
  • AMST-33652: Seed the v2105 Patch SFD to UEM console.

21.5.0.14 Patch Resolved Issues
  • AAPP-12466: iOS Application List Sample does not reflect 21.04.1 Hub after Hub upgrade, resulting in Compliance violations and Enterprise Wipes.

  • AGGL-10585: DA to DO Migration does not honor user registration account type.

  • AGGL-10603: ManagedApplicationList for a certain app is missing. 

  • AMST-33590: Processor Architecture is not getting updated even though the device sends it in a sample.

  • INTEL-32574: Intelligence report for users is inconsistent.

21.5.0.15 Patch Resolved Issues
  • AGGL-10622: When a profile is deleted or a certificate is revoked, the Extension must be able to remove the Certificate.

21.5.0.16 Patch Resolved Issues
  • AMST-33790: The Public App Auto Update Profile is incorrectly marked as "Removed" in the UEM Console but remains on the device.

  • CMCM-189235: Repositories appear to be listed, but they are not syncing with Content.

21.5.0.17 Patch Resolved Issues
  • AAPP-12655: 'An error has occurred' message is displayed on the device during web enrollment for multiple configurations.

  • AGGL-10721: Android profiles fail to auto-install on the devices.

  • ARES-20311: The customer is unable to see the list view of devices on the UEM console.

  • MACOS-2540: Custom MDM Command sent to user channel.

  • MACOS-2523: Keep PayloadUUIDs for sub-payloads consistent when adding new versions.

  • CRSVC-24115: Device State Migration Tool is failing.

  • RUGG-10172: The column does not allow nulls.

Known Issues

The known issues are grouped as follows.

Console
  • CMSVC-15106: Customers are able to see and create Smart Groups with the users/user groups from the parent OG where LDAP is configured as Override permission.

    Smart groups (at a child OG) allow associated with directory users from a parent organization group where Directory Services configuration is set to Override only. This happens when the child OG does not have Directory Services configured. 

    There is no workaround for this, however, if admins want to access directory users/user groups from parent OG they should set the LDAP configuration to "Inherit" or "Inherit or Override"

  • CMSVC-15111: Admins should not be able to add directory users or groups from a directory configured at a Parent OG whose child permission is set to Override Only.

    The default lookup for a directory is the closest OG at upwards in the hierarchy from the current OG. When there is a Directory Configured at the Parent OG with Child Permission set to Override Only, it means that the directory is not applicable to children OGs even if they don't have directories. For such a set-up we don't want Admins from Child OG being able to add directory users from the parent directory. This is currently possible from Batch Import and APIs

  • AGGL-10214: Customers deploying profiles using Device Serial Number as Lookup value can see inconsistencies in the profile application on the device

    If a profile is configured with a serial number, the admin cannot search for the profile based on the serial number, there will be inconsistencies in how the profile is applied to the device, which might result in errors.

    Admins can configure a profile using the serial number in the profile name or SSID (Wi-Fi profile) or Certificate and currently the resolution of the device serial number has an issue resulting in the lookup value failing to resolve the serial number. As a result, the look-up goes down to the device as empty. The application of the profile on Android devices fails.

    As a workaround, customers can push the profiles without using the serial number as a lookup and can use any other device identifiers. 

  • ARES-17539: The lookup variable "EmailAddressPrompt" for the iOS EAS profile does not pick the value specified in SSP.

    When using SSP, the lookup field is not resolved. The profile entity with all of the resolved lookup values was discarded, and the entity was loaded from the database again. As a result, the EAS profile is not populated out with user information.

    As a workaround, install from the admin console

  • ARES-18724: Any action that triggers the removal of an application for the second time onwards can directly remove the app from the device without being held for approval by app removal protection.

    Remove App Command gets released to the devices without being held for approval. 

  • CMSVC-15178: Customers with directory configurations that use the DNS SRV feature with Kerberos authentication are unable to use LDAP-related functionality such as Test connection, Searching directory users, adding directory users, adding directory groups, and so on.

    The directory set up with Kerberos authentication and DNS SRV enabled will fail.

    Customers can switch to other authentication types like Basic/NTLM or GSS-Negotiate, or Disable DNS SRV and use Kerberos with the hostname.

  • FCA-197672: Device List view export can fail If the device data exported are huge.

    When a user attempts to export the device list view and the amount of data to be exported is large, the export process begins but fails due to a timeout, asking the user to try again.

    The user could export the device list view for sub-organization groups that have a smaller volume of device data to export.

  • ENRL 2860: If the customer has blacklist or whitelist restriction policies based on the OS version of the devices, those restrictions may not be honored by the devices.

    UEM has OS Versions seeded in the format "OS Name major version>.minor version>.build>". When a policy is generated, UEM saves the seeded OS ID for that policy. When a device enrolls, it communicates the OS Version in the string format "major version>. minor version>.build>." During enrollment, UEM attempts to resolve the OS Version ID by first looking up the OS Version against the seeded value. The system now resolves it by performing a contains-based search on the name of the OS version. As a result, if another OS version has the string, the incorrect OS version can be rectified.

Windows
  • AMST-32938: Server performance degrades with the publication of Freestyle workflows

    While running a Performance test of a Large Freestyle Workflow with 5 apps, 5 profiles, 5 sensors, 5 scripts, High SQL waits, and Blocking SQL were observed. This observation was made only when the Large Freestyle workflow was publishing in an environment with a sampling load of 600k Devices.

  • AMST-32922: Windows Desktop App added via BSP is failing to install on the device.

    The issue arises when BSP apps are imported for Windows Phone and the same app is supported on the Windows Desktop platform and admin imports for Windows Desktop. In such a case, the BSP app installation on Windows Desktop fails.

Apple
  • AAPP-11689: IKEv2 VPN profile not configured correctly.

    iOS VPN Profile of type IKEv2 fails to save EAP checkbox.

  • AAPP-12501: The restriction profile is not removed when the iOS device is checked out.

    Profile removal and installation occur when devices move across siblings during a check in checkout or manually move and the final device organization group is not in the profile's hierarchy.

    Perform the following steps as a workaround:

    1. Shift the Profile to a higher OG (OG name shell).
    2. The DPDP table must be updated with the profile sample. (The sample scheduler job will update all devices' profiles within 4 hours.)
    3. After the sample has been updated in the DPDP for all devices, save and publish the profile to initiate the profile sync and queue the remove command.
       
Freestyle
  • ARES-17497: When a customer wraps commands in an <atomic> element for a custom payload, the workflow status is not reported as complete. The profile installation, on the other hand, is successful. In such a case, this only impacts workflow status reporting.

    The issue is specific to DeviceServices' SyncMl generation logic. To determine whether the OmaDM profile is installed, the SyncML is updated with node cache commands containing the profile uuid. The implementation adds a node cache entry if the <atomic> element is present at the start of the SyncML, but we are executing this add node cache entry in SyncML even if the <atomic> element is present anywhere in the SyncML.

    If such this issue occurs, check the custom payload SyncML for any <atomic> elements and remove them.

check-circle-line exclamation-circle-line close-line
Scroll to top icon