VMware Workspace ONE UEM Release Notes provide information on the new features and improvements in each release. This page includes a summary of the new features introduced in 2107 and resolved issues.

When can I expect the latest version?

We strive to deliver high-quality products, and to ensure quality and seamless transitions, we roll out our products in phases. Each rollout may take up to four weeks to accomplish and is delivered in the following phases:

  • Phase 1: Demo and UATs
  • Phase 2: Shared SaaS environments
  • Phase 3: Dedicated latest environments

This version is only available to our SaaS customers on the Latest mode. The features and improvements incorporated in this version will be available to our on-premises or managed hosted customers with the next on-premises release. For more information, see the KB article.

Getting Ready for Apple Fall 2021 Releases

Learn more about the upcoming Fall 2021 releases for Apple. See Getting Ready for Apple Fall 2021 Releases for more information.

New Features in this Release


  • We’ve increased the allowed internal app size. 
    You can now upload internal apps of up to 10GB to the Workspace ONE UEM console. This file size has been increased from the previous 200 MB. You must enable CDN to use the increased app size. In SaaS deployments, we’ve enabled CDNs by default. If your on-premises deployment uses CDN, your environment will also have these updated size limits. To know more, see Deploy Internal Applications as a Local File.

  • Get device information with the maximum page size limit of 500 using the /device/search API.
    The /device/search API now has a page size limit of 500. Each API call can have a maximum of 500 records. Users must iterate through pages if the page size exceeds the maximum limit to get all the records.

  • We've made a few enhancements to the Remote Management APIs (V1 and V2). 
    • The Remote Management APIs (V1 and V2) now support Role-based access controls. You can now restrict the level of access that a user must receive while using Workspace ONE Assist through the Remote Management APIs. Workspace ONE Assist allows the following functions to be restricted at a user-level role – Remote View, Remote Control, File Manager, Registry Editor, Remote Shell, Session Collaboration, and Unattended Access on desktops.
    • You can now use the Remote Management API (V2) to pass in additional parameters that allow users to choose specific remote management tools such as Share Screen, File Manager, and Remote Shell prior to a session. When using the Remote Management APIs, you can now easily specify which Workspace ONE Assist tool you want to connect to when starting a remote session. This functionality is already available when a session is initiated from the UEM console. We have enhanced the remote management APIs in this release to support the same.


  • Want to ensure that users cannot change their location on their devices? We’ve got a solution for you.
    We have added a new restriction that enables admins to prevent users from changing the device's location settings. When the restriction is applied, the previous location setting is used. This feature requires Data-Driven profiles. For more information, see How to Configure Android Profiles
  • Allow specific apps to always have access to VPN.
    The VPN Always On Lockdown Allowlist provides a way for specified apps within the Work Profile, Work Managed Device, or COPE/EWP to continue to access the internet, even when the Always On VPN is disconnected or not available. This feature requires Data-Driven profiles. For more information, see How to Configure Android Profiles.


  • Support for Apple Silicon in Smart Groups.
    Workspace ONE UEM now supports filtering by CPU Architecture in Smart Groups for macOS devices. You can define Smart Groups based on Intel (x86) or Apple Silicon (arm64) processor types. We have also updated the Device List View filter and the Device Details page to include the new CPU type. Support for filtering Windows devices by CPU type will be in a future release. For more information, see Support for Apple Silicon Macs.

Email Management

  • We’ve simplified the Email List View page.
    We removed the device details such as OS, model, platform, phone number, or IMEI from the Email > List view page. You can still see that information from the Device List View page.

Content Management

  • Want to delete your old Personal Content storage, but not sure how? We have a solution for you. 
    You can now easily remove the Personal Content storage from your Workspace ONE UEM console using the /V2/contents/groups/{organizationGroupUuid}/personal-content API. This API deletes all personal content repositories from the provided organization group and its children. You can access this API at Workspace ONE UEM API Explorer.

App Management

  • We've made a few modifications to the CDN configuration to improve ease of use.  
    We enhanced the test connection functionality of the CDN configuration to include checks for user account permissions. We have also published a CDN configuration tool that can be used independently of the Workspace ONE UEM console. The new tool makes it easier for on-premises customers to set up their origin servers. You can find the tool on My Workspace ONE. For more information, see Workspace ONE UEM and Akamai Integration Workflow.


  • We've bid farewell to Windows Phone. 
    As Windows Phone has reached the End of General Support, we have removed all instances related to it from the Workspace ONE UEM console. We no longer support the management of this phone model. To know more, see the End of support announcement.
  • Build your own baselines for Windows 10 without using a pre-configured template. 
    You no longer need a template to create baselines in Workspace ONE UEM. You can now create baselines from scratch by simply selecting policies from our policy catalog. Select the appropriate Windows 10 version in the creation wizard, then select your policies from the policy catalog. Baselines can be found in Workspace ONE UEM under Resources > Baselines. For more information, see Using Baselines.


  • Launcher Check In/Check Out added as an Event Action condition.
    Your Android device Launcher can now be polled by an Event Action, and execute it's Run Intent based on whether Launcher is checked in or checked out. For more information, see Event Actions.

Resolved Issues

The resolved issues are grouped as follows.

2107 Resolved Issues
  • AAPP-11745: Webclips not showing on Shared iPads.

  • AAPP-11907: IOS device with Action as Block/Remove Managed application is not obeyed by VPP application.

  • AAPP-12061: Clear Pass SCEP incorporated in UEM certificates only contain one SAN of a specific type.

  • AAPP-12292: All device channel profiles show incorrect installation status on ABM Shared iPads.

  • AAPP-12426: Create index for RecommendedExternalApplicationID column for PurchasedAppAssigment table.

  • AGGL-9885:  Launcher App never gets downloaded to the device even after the Launcher profile gets installed successfully.

  • AGGL-10227: Bulk Setmanagedconfigurationfordevices API not called for all the assigned devices.

  • AGGL-10422: Device Reboot Menu Option not available for Android Enterprise AOSP devices.

  • AMST-32724: Registered devices are not tagged.

  • AMST-33356: OOBE enrollment failed with status tracking prompt enabled.

  • AMST-33442: Domain Join option not showing available in console.

  • ARES-19744: Database Health Concerns.

  • ARES-19768: The /begininstall API call to create a Windows 10 application fails if actualFileVersion starts with 0.

  • ARES-19777: Timeout for Sproc RetryScheduler_ProcessSuccessfulStatuses.

  • ARES-19786: Bulk install command is not generated if the number of selected devices is above 50.

  • AAPP-12048: Managed devices page intermittently not showing any devices for a certain app.

  • AAPP-12041: Saving a custom app fails when the same iOS public app is present on the same LG.

  • AAPP-12049: Update label for a maximum number of failed attempts in iOS passcode profile.

  • AAPP-12115: Unable to delete a supervised iOS device if the enrollment status is wiped initiated.

  • AAPP-12129: Friendly name showing up as lookup value {emailaddress} when queried with Hub closed.

  • AAPP-12398: Application Deletion Event for the purchased app is not present.

  • AAPP-12169: WiFi IP address is missing from the network sample from iOS in the Workspace ONE UEM console 2003. 

  • AAPP-12288: iOS Application List Sample is not reflecting 21.04.1 Hub during Hub upgrade causing Compliance violations and Enterprise Wipes.

  • AAPP-12201: iOS devices not processing commands until MessagingService restarted.

  • AAPP-12334: iOS WiFi profile creates a blank key for TLSTrustedServerNames.

  • AAPP-11907: IOS device with Action as Block/Remove Managed application is not obeyed by VPP application.

  • AAPP-12464: Unsupervised devices with FindMy enabled show activation lock as disabled.

  • AAPP-12157: Multiple VPP apps stuck in pending check.

  • AGGL-9867: Enrollment restrictions not being honored and does not display the device blocked page on the device, but enrolls the device completely.

  • AGGL-9946: Profiles and Apps are not assigned to the devices in Checkout. 

  • AGGL-10003: Hub registered mode does not work for Android devices if Android Enterprise is not available.

  • AGGL-10236: Android profile behavior is different from other profile types when uploading a cert that already exists in the database.

  • AGGL-10018: Telecom and Location Hub settings are disabled when admin with custom role changes and saves any Hub settings.

  • AGGL-10502: PerAppVPNAssociation mapping failing intermittently.

  • AGGL-10020: Wi-Fi profile fails to deploy.

  • AGGL-10111: Unable to add Microsoft Launcher application onto the console when EMM is integrated.

  • AGGL-10232: Work profile devices are getting Android legacy profiles.

  • AGGL-10237: Hub Registered Android devices cannot install non-work Google Play apps.

  • AGGL-10549: HCL Verse App is not working on Android Enterprise devices with SEG V2.

  • AGGL-10264: Hub Registered Android App assignments do not update after enrolment.

  • AGGL-10295: Lookup information not available in Friendly Name or Launcher. 

  • AGGL-10463: When a profile is deleted or a certificate is revoked, the Extension should be able to remove the Certificate.

  • AGGL-10546: Unable to edit Launcher profile in DDUI when too many apps are added to the Launcher.

  • AGGL-9908: Chrome app control profile Issues.

  • AGGL-10438: Profiles do not apply to the device.

  • AGGL-10397: Custom-friendly name changing on Android devices using CICO.

  • ENRL-2976: Huge Memory Grant has been seen from EnrollmentToken_Search Sproc.

  • AGGL-10327: Issue with a network IP range-based Organization Group assignment for devices.

  • AMST-32402: Certificates on Win10 devices in production are not being revoked.

  • AMST-32428: Windows App transform files capping out at 10.

  • AMST-32433: When adding an antivirus payload to an existing profile in Windows 10, DS fails to build an install profile.

  • AMST-32458: Migration script to insert missing recovery keys from DiskEncryptionSample table.

  • AMST-33500: Public App Auto Update Profile incorrectly marked as "Removed" on the UEM Console but stays on the device.

  • AMST-32574: DeviceReportedName temporarily reports incorrectly, causing certs pushed at that time to have incorrect SubjectName.

  • AMST-32637: Customer's production OG does not receive a location sample.

  • AMST-32902: Incorrect label for Data Protection payload of Windows desktop.

  • AMST-32458: Migration script to insert missing recovery keys from DiskEncryptionSample table.

  • AMST-32646: Device Lock command through API does not log "Device Lock Requested" for Windows device.

  • AMST-32672: Unable to delete the Win public app due to legacy mapping records in Application Kiosk.

  • AMST-33042: Windows Profile Activate/ Deactivate does not trigger the Install/ Remove command when there is already a remove command queued to devices due to previous deactivate. 

  • AMST-33250: VersionHash mismatch between deviceApplication.Application and interrogator.HashTable causing incorrect app installation counts.

  • ARES-19934: Unable to Save & Publish Profile with a large number of assignments.

  • AMST-33043: App transformation file selection not being honored. 

  •  AMST-33118: Loading assignment throws an error when Assignment Name is greater than 64 characters.

  • ARES-18214: Cannot update ipa and apk to Workspace ONE UEM with same bundle id and same version.

  • ARES-18253: A user changed the message prompt in the iOS Hub post console upgrade to 2102.

  • ARES-19383: Device Reconciliation fails when the device is removed from Smart Group.

  • ARES-19161: Unable to access Profile Tab for a device.

  • ARES-18356: On-demand apps are automatically installed on iOS devices if they belong to a specific smart group.

  • ARES-18645: When attempting to remove/uninstall apps from the device details page, UEM displays the "Door is locked" error.

  • ARES-19371: Memory leak when admin runs custom reports. 

  • ARES-18649: App didn't show in the Catalog for the user who is not a member of the User Group added to the Deny list app group.

  • ARES-19033: The ownership of random iOS devices enrolled through Boxer keeps changing to Undefined.

  • ARES-18659: Unable to Edit Tunnel Profiles.

  • CMCM-188954: SQL timeout while trying to edit & save assignment for content.

  • CMCM-189134: Content repositories not showing in the Content app.

  • CMCM-188985: Performance problem when exporting large amounts of data from the contents tab.

  • CMSVC-15105: Basic and AuthProxy users created with non-NULL LDAPDefinitionID. 

  • CMSVC-15106: Smart groups allow association with directory users or user-groups from parent organization groups when the LDAP permission is set to "Override". 

  • CMSVC-15144: Devices added to an assignment group through Additions are not allocated to the group assignment correctly.

  • CMSVC-15170: Directory Test Connection fails with Kerberos.

  • CMSVC-15214: The documentation for the API is insufficient.

  • CMSVC-15267: User search API is missing fields "DisplayName" in output.

  • CMSVC-15408: Updating Directory user attributes through the API.

  • CMEM-186470: Run compliance fails when no device record is present against a MEM device. 

  • CMEM-186419: Walmart SEGs not updating policies.

  • CRSVC-22744: SMTP no longer works post 21.05 upgrade.

  • CMCM-189114: Open-in option missing for .ods file format.

  • CRSVC-18424: The audit policies are non-compliant for the Japanese language.

  • CRSVC-20032: Baseline status is not compliant. 

  • CRSVC-20449: App Details View > Deployment Progress cards displaying workflow type AWEntitySmartGroupAssignmentMap records.

  • CRSVC-20614: Able to delete SG that is associated with an active workflow.

  • CRSVC-23287: Certificate profile failing to install on the device with error “Scep response Status: Pending; FailureInfo: BadAlg” for Generic SCEP integration.

  • CRSVC-20638: Locale change is not applied to the console.

  • CRSVC-20879: App publish fails when adding a new version of an application.

  • CRSVC-20970: Multiple challenges for SCEP/PKI in SCEP and EG Scenario.

  •  CRSVC-21297: Change AirWatch to Workspace ONE in the "Enable Certificate Revocation" description. 

  • CRSVC-21557: Unable to load the Device List View. 

  • CRSVC-21557: Unable to load the Device List View. 

  • CRSVC-17503: Unable to detect SIM card on the Device Summary page. 

  • CRSVC-22365: Unable to edit the default custom admin message template.

  • CRSVC-22534: SQL timeouts on AuthorizationToken_SaveBatch.

  • CRSVC-22707: Privacy Location GPS Data settings for 'Corporate - Shared' devices using 'Corporate - Dedicated' setting instead.

  • CRSVC-22816: Baseline status is pending reboot after reapply.

  • CRSVC-22816: Baseline status is pending reboot after reapply.

  • CRSVC-23013: EventLog New Columns must also be added to EventLog_Delete table.

  • CRSVC-23052: Unable to set up Android EMM using GSuite.

  • FCA-198106: Arguments are not displayed correctly in Provisioning Profile Expiry Notification.

  • ENRL-2896: The message template link is disabled for Single Factor and Two Factor tokens on the console>device details page for console administrators as a security measure.

  • ENRL-2956: Friendly name based on the custom attribute lookup.

  • ENRL-2857: Unable to enroll macOS Big Sur devices when an OS version restriction policy is configured.

  • ENRL-2919: Unable to enroll macOS with DEP and Okta configured.

  • FCA-196939: Bulk Action from the device list view is not processed for all devices.

  • FCA-197073: When you query an iOS device multiple times in a row, the console does not update the last seen time.

  •  FCA-197098: FCA-197098: "Remember Me" checkbox not staying checked after logging out of Console.

  • FCA-197141:The Timezone value is not updating.

  • FCA-197169: Bulk SMS is not working.

  • FCA-197236: Workspace ONE Express does not have a Privacy option to Collect and Display Location data.

  • FCA-197258: An undocumented 204 empty response code.

  •  FCA-197659: Device List view exports are failing due to timeout.

  • FCA-197985: WiFi IP address is not populating for some devices in Device List View.

  • FCA-197751: The recent Report tab does not update with the latest reports.

  • FCA-197879: MDM profile is not removed from iOS device (device switched off and turned on later) when admin deletes the device from console.

  • FCA-198106: Arguments are not displayed correctly in Provisioning Profile Expiry Notification.

  • FCA-198233: Push message sent to all devices in the OG.

  • MACOS-2432: MAC OS Profile installation status.

  • INTEL-29749: Manufacturer Name field is not populating for all devices.

  • MACOS-2209: "Install Intelligent Hub for macOS" option is not available. 

  • INTEL-29749: Manufacturer Name field is not populating for all devices.

  • MACOS-2238: Undefined error when clicking on the application link in the UEM console.

  • MACOS-2410: Cannot ”set the device name to friendly name” for Non Supervised macOS device.

  • PPAT-9085: Tunnel Server or Client certificate returns Invalid Date in the UEM console.

  • RUGG-9746: Unable to generate the Honeywell barcode.

  • RUGG-9961: Unable to add "Applicability Rules" to Products within Product sets through API.

  • RUGG-9985: Unable to Create QR Code Enrollment with Higher-Level OG Users.

  • RUGG-10006: Organization Group was stuck in 'DELETE IN PROGRESS'.

  • AMST-33529: Domain Join assignments are mixing up the Assignment Groups upon editing.

  • FCA-198219: Database Health concerns.

  • FCA-198458: Edit app assignment window fails to load intermittently.

  • INTEL-30971: Intelligence report for users is inconsistent. Patch Resolved Issues
  • AMST-33701: Seed the 2105 Patch SFD to the UEM console. 

  • AMST-33810: Seed the v2107.2 Patch Hub to the UEM console.

  • CRSVC-24014: Upgrade from 2105 to 2107 is taking longer than 4 hours.

  • CRSVC-24015: Remove the additional UUID Columns from Event Log Search Sporc. Patch Resolved Issues
  • ARES-20383: Profile Lookup By UniqueKey Causing Contention.

  • CRSVC-24252: Samples are having invalid data.

  • CMCM-189234: Repositories show as listed but not syncing in Content.

  • RUGG-10171: Column does not allow nulls.

  • AMST-33786: Processor Architecture not getting updated even though the device sends it in the sample. 

  • MACOS-2545: Custom MDM Command sent to user channel.

  • AGGL-10596: Apps Are Not Removed From Play Store when all the apps are not applicable.

  • MACOS-2522: Keep PayloadUUIDs for sub-payloads consistent when adding new versions. Patch Resolved Issues
  • AMST-33943: Profile Publish not queue command for the devices.

  • CRSVC-24391: The compliance action tab is erroring out on the console. Patch Release Notes
  • AMST-33714: Seed the v2107.6 Patch Hub to the UEM console.

  • CMCM-189378: High memory Sproc calls. Patch Resolved Issues
  • AMST-34101: OOBE TOU Must Fit in Screen. 

  • CRSVC-24464: Device State Migration tool must be deployed as part of Scheduler service. 

  • AGGL-10827: Some Android Launcher profiles failing to load after upgrade to 2107 and DDUI FF enablement. 

  • AAPP-12871: ScheduleOSUpdate API fails on UEM 21.05.

  • CRSVC-24603: Failed Profile installation on iOS 15 due to the unique identifier. Patch Resolved Issues
  • AGGL-10827: Some Android Launcher profiles failing to load after upgrade to 2107 and DDUI Feature Flag enablement. Patch Resolved Issues
  • CRSVC-25078: High CPU/memory utilization of scheduler service.

  • CRSVC-24501: API is not loading post upgrading to

check-circle-line exclamation-circle-line close-line
Scroll to top icon