VMware Workspace ONE UEM Release Notes provide information on the new features and improvements in each release. This page includes a summary of the new features introduced in 2109 and resolved issues and known issues.

When can I expect the latest version?

We strive to deliver high-quality products, and to ensure quality and seamless transitions, we roll out our products in phases. Each rollout may take up to four weeks to accomplish and is delivered in the following phases:

  • Phase 1: Demo and UATs
  • Phase 2: Shared SaaS environments
  • Phase 3: Dedicated latest environments

Once our phased rollout is complete, we will announce general availability for on-premises and managed hosted customers. For more information, see the KB article

Getting Ready for Apple Fall 2021 Releases

Learn more about the upcoming Fall 2021 releases for Apple. See Getting Ready for Apple Fall 2021 Releases for more information.

New Features in this Release

Console

  • Assigning the default SDK profile to your iOS Intelligent Hub just got easier.
    You no longer have to manually assign the default SDK profile to your iOS Intelligent Hub as Workspace ONE UEM assigns it for you. This improvement resolves several issues such as inconsistent push messages from the UEM console, SDK profiles stuck in a queued state, difficulties enrolling devices through the Intelligent Hub for iOS, and inconsistencies with enrollment prompts. The settings for the Intelligent Hub and the default SDK profile can be found in the Workspace ONE UEM console under Groups & Settings > All Settings > Devices & Users > Apple Apple iOS > Intelligent Hub Settings.
  • We’ve cleaned up the list of supported Launcher versions.
    We have now discontinued support for Workspace ONE Launcher v1 and v2. You will no longer be able to select these versions in the drop-down menu under Service Applications. To access all the new features, you must upgrade your Workspace ONE Launcher to the latest version. For more information, see VMware Workspace ONE Launcher Version Information
  • Maximize your search results with wildcards in the UEM global search.
    You can now use asterisk wildcards in your global searches to boost your search results. For more information, see Global Search.
  • Workspace ONE UEM and Workspace ONE Access no longer share configurations for SaaS Apps, Access Policies, and Virtual Apps. You can easily find these app management features in the Workspace ONE Access console. For more information, see Workspace ONE Access documentation
  • We’ve now restored the UEM Monitor link to access Workspace ONE Intelligence.
    If you have a Cloud Services account, you can now access Workspace ONE Intelligence through the Monitor button on the main menu. For more information, see Console Monitor.
  • Control certificate revocation based on certificate sampling.
    You can determine when to revoke device certificates if they are missing from the sample. If you choose to disable the setting, Workspace ONE UEM does not revoke certificates from devices whose certificates are missing from the sample. Moreover, manual revocation and revocation during un-enrolment will continue to work even if the setting is deactivated.
  • Coming Soon – Workspace ONE UEM support for Linux-based devices. 
    We are eager to get this new feature to you but will be enabling it in phases to ensure successful deployments. You can use this feature in the coming months as we roll it out to SaaS environments globally. When it is available, you will notice changes to your user interface, such as the addition of Linux as a platform in filters, smart groups, and settings. You will also have the option to select Linux when creating profiles in Workspace ONE UEM. In the coming weeks, we will announce the release of the corresponding Workspace ONE Intelligent Hub for Linux, along with all of the documentation necessary to assist you in utilizing this exciting new offering from the Workspace ONE team.
  • We've set the new data-driven user interface for Android and tvOS as the default profile experience.
    You can now easily and quickly configure and deploy Android and tvOS profiles using the new DDUI profile user experience. This new data-driven model includes new payload layouts, search capabilities, and profile summaries. The new data driven UI framework enables VMware to deliver new profile features faster. For information specific to Android profiles, see How to Configure Android Profiles and for Apple tvOS profiles, see Apple tvOS Profiles.
  • We've enhanced SafetyNet Attestation with Hardware_Backed check
    You can now choose which evaluation types from SafetyNet Attestation are trusted as part of Android Compromised Detection. For more information, see the topic Apps / Settings and Policies / Security Policies.

Windows

  • Configure your Windows 10 devices using the VMware Dynamic Environment Manager (DEM) integration with Workspace ONE UEM.
    We have now integrated DEM with Workspace ONE UEM, allowing you to deploy a DEM config profile to your managed Windows Desktop (Windows 10) devices using UEM. To use the DEM profile, install the DEM Management Console to create DEM config files and deploy the DEM FlexEngine to managed devices to apply the DEM config files. You can find the landing page for this integration in Workspace ONE UEM, by navigating to Groups & Settings > Configurations > Dynamic Environment Manager. The profile can be found in Workspace ONE UEM under Resources > Profiles & Baselines > Profiles > Add > Add Profile > Windows > Windows Desktop > Device Profile. For more information, see the Profiles for Windows Desktop topic and DEM documentation.
  • We've improved the device refresh mechanism for Windows Desktop.
    When you refresh and re-enroll previously enrolled devices in Workspace ONE UEM, the original device record is reused in the Workspace ONE UEM console. The reuse of the original device record eliminates the need for duplicate records in the console. This enhancement is applicable to physical devices but not to virtual machines.
  • We’ve made performance improvements when querying Windows Desktop devices for Windows Updates metadata.

Resolved Issues

The resolved issues are grouped as follows.

Resolved Issues for 2109
  • AAPP-10674: 'An error has occurred' message is displayed on the device during web enrollment for multiple configurations.

  • AAPP-11502: Intelligent Hub appears in the dropdown list under Device Details > More Actions > Find Device, even if the iOS device is enrolled via Web and Hub is not installed on it.

  • AAPP-12511: "ShowSpecificApps" global profile not pushed to ASM devices when a new VPP app is assigned to a class.

  • AAPP-12292: All device channel profiles show incorrect installation status on ABM Shared iPads.

  • AAPP-12398: Application Deletion Event for the purchased app is not present.

  • AAPP-12494: Restriction profile not getting removed at the time of check out of the device.

  • AAPP-12426: Create an index for the RecommendedExternalApplicationID column for the PurchasedAppAssigment table.

  • AAPP-12464: Unsupervised devices with FindMy enabled show activation lock as disabled.

  • AAPP-12508: Inconsistent information in Device Updates for iOS.

  • AGGL-9885: Launcher App never gets downloaded to the device even after the Launcher profile gets installed successfully.

  • AGGL-10166: ManagedApplicationList for certain app missing.

  • AGGL-10227: Bulk Setmanagedconfigurationfordevices API not called for all the assigned devices.

  • AGGL-10422: Device Reboot Menu Option not available for Android Enterprise AOSP devices.

  • AGGL-10438: Profiles do not apply to the device.

  • AGGL-10463: When a profile is deleted or a certificate is revoked, the Extension should be able to remove the Certificate.

  • AGGL-10502: PerAppVPNAssociation mapping failing intermittently.

  • AGGL-10546: Unable to edit Launcher profile in DDUI when too many apps are added to Launcher.

  • AGGL-10549: HCL Verse App is not working on Android Enterprise devices with SEG V2.

  •  AGGL-10611: Compliance-based Enterprise Wipe fails to wipe, re-enrolled Device.

  • AGGL-10579: Saving the permissions profile causes the console to crash.

  • AGGL-10583: Apps are not removed from the Play Store when all the apps are not applicable.

  • AGGL-10599: Passcode profile (Android) with initial passcode set to "vmware1!" does not set the passcode in the device correctly.

  • AGGL-10658: Android profiles fail to auto-install on the devices.

  • AGGL-10676: Restrict Input method restriction is not working.

  • AGGL-10708: Unable to edit Launcher profile in DDUI when language selected to Portuguese.

  • AMST-32724: Registered devices are not tagged.

  • AMST-33356: OOBE enrollment failed with status tracking prompt enabled.

  • AMST-33442: Domain Join option not showing available in console.

  • AMST-33500: Public App Auto Update Profile incorrectly marked as "Removed" on the UEM Console but stays on the device.

  • AMST-33529: Domain Join assignments are mixing up the Assignment Groups upon editing.

  • AMST-33570: Customer Org Delete fails with a database error if the DomainJoin Deployment Params exist.

  • AMST-33650: Windows 10 devices are not reporting accurate location.

  • AMST-33759: Sensors missing from Resources > Sensors.

  • ARES-19768: The /begininstall API Call to create a Windows 10 application fails if the actual file version starts with 0.

  • ARES-19777: Timeout for Sproc RetryScheduler_ProcessSuccessfulStatuses.

  • ARES-19786: Bulk install command is not generated if the number of selected devices is above 50.

  • ARES-19934: Unable to Save & Publish Profile with a large number of assignments.

  • ARES-19970: AppDefaultBrowserExceptions not working on Boxer for Android.

  • ARES-20013: Copying application assignment breaks application configuration.

  • ARES-20049: The customer is unable to see the list view of devices on the UEM console.

  • CMCM-189114: Open-in option missing for .ods file format.

  • CMCM-189134: Content repositories not showing in the Content app.

  • CMCM-189167: Repositories show as listed, but not syncing in the Content.

  • CMEM-186155: Duplicate cert uploaded issue.

  • CMEM-186419: API timeouts.

  • CMEM-186470: Run compliance fails when no device record is present against a MEM device. 

  • CMSVC-15408: Updating Directory user attributes through the API.

  • CMSVC-15506: API call for smart group search does not return the right number of exclusions.

  • CRSVC-22816: Baseline status is pending reboot after reapply.

  • CRSVC-23783: Once the baseline policies are getting applied to the devices, it is removing the QoS policies.

  • CRSVC-23287: Certificate profile failing to install on the device with error “Scep response Status: Pending; FailureInfo: BadAlg” for Generic SCEP integration.

  • CRSVC-23688: Unable to copy any Android legacy profiles with Restrictions payload.

  • CRSVC-23765: "Cannot fetch S/MIME certificates" error message in iOS Boxer 21.04.1. 

  • CRSVC-23814: Process fails during Zero downtime DB upgrade.

  • CRSVC-24142: The template option is missing post-upgrade.

  • ENRL-2943: Changing Enrollment Settings page from "Override" to "Inherit" does not log an event under Console Events in UEM

  • ENRL-2956: FriendlyName based on CustomAttribute lookup.

  • ENRL-2976: Huge Memory Grant has been seen from EnrollmentToken_Search Sproc.

  • FCA-197073: When you query an iOS device multiple times in a row, the console does not update the last seen time.

  • FCA-197985: WiFi IP address is not populating for some devices in the Device List view.

  • FCA-198106: Arguments are not displayed correctly in Provisioning Profile Expiry Notification.

  •  FCA-198219: Database Health concerns.

  • FCA-198233: Push message sent to all devices in the OG.

  •  FCA-198458: Edit app assignment window fails to load intermittently.

  • FCA-198464: Location data not collected for the shared device if we set do not collect for Corporate dedicated devices. 

  • FCA-198997: Device grid search returns records from encrypted values.

  • FCA-199084: OS version not displayed in device details for Big Sur devices.

  • INTEL-30971: Intelligence report for users is inconsistent.

  • INTEL-32640: Missing values for 'manager name' and 'hostname' fields in the Intelligence user report.

  • INTEL-32641: Interrogator.SecurityInformationSample delta export updates encryption status to 0 for devicetype 12.

  • IOTSVC-124: Dashboard Operation System Breakdown links no longer filtering correctly in Device List View.

  • LUEM-291: Device-friendly name misreported in device detail summary tab.

  • MACOS-2478: Keep PayloadUUIDs for sub-payloads consistent when adding new versions to prevent System Extensions from unloading.

  • MACOS-2348: Disk encryption key escrowed on the UEM console for macOS devices that are no longer encrypted.

  • MACOS-2432: macOS devices do not clear pending profile commands after a profile is unassigned due to changing the organization group.

  • MACOS-2474: Custom MDM Command sent to user channel.

  • RUGG-10006: Organization Group was stuck in 'DELETE IN PROGRESS'.

  • CRSVC-22714: The Compliance action tab on the Console is failing.

  • AAPP-12774: ScheduleOSUpdate API fails on UEM 2105.

  • AAPP-12809: APNs for application expiring notification for AirWatch Container and AirWatch Inbox.

  • AGGL-10704: The "Allow Auto Fill" setting never gets deactivated on the restriction payload console UI.

  • AGGL-10772: Config misses in DDUI Launcher Copy profile.

  • AGGL-10797: Some Android Launcher profiles failing to load after upgrade to 2107 and DDUI FF enablement.

  • AMST-33838: Exporting Windows Firewall Profile through API does not include all Values.

  • AMST-33898: Unable to authenticate for Dropship Provisioning in TechDirect when using lower OG.

  • AMST-33903: Newly built and enrolled device built with Windows 10 x64 image and enrolled with the 21.5.4 hub is not processing app install commands.

  • AMST-33982: Windows update shows as unapproval failed for feature update. 

  • AMST-34074: Windows apps are not getting installed back with 2105 and above after an Enterprise reset.

  • ARES-20326: Profile Lookup By UniqueKey Causing Contention.

  • ARES-20461: DSM flag is not being provided in the API.

  • ARES-20495: Adding Organization Group to an assignment crashes the console.

  • ARES-20504: Install Application Commands are not queued for Internal Apps upon app version published. 

  • RUGG-10236: Unexpected error when clicking from Device -> Provisioning -> Product List View in UEM console.

  • LUEM-291: Device-friendly name misreported in device detail summary tab.

  • FCA-199468: Message Templates Not Showing Full Message Body Content in Console UI.

  • CMCM-189381: Files from Office365 Sharepoint re-downloads of the Content app.

  • CMSVC-15690: REST API Endpoint Not Paging Correctly.

  • CRSVC-24392: Unable to delete the workflow from workflow listview.

  • CRSVC-24419: The "Send Message" window does not prompt while adding the 'platform' filter on the device list view.

  • FCA-199037: Branding on message templates not working as expected in 21.05 UEM version.

  • CRSVC-24526: SSL cert auth fails with ephemeral key when using web service references.

  • CRSVC-24709: Pulse VPN connectivity has been failing since UEM upgrade to 2105 and 2107.

  • ENRL-3153: QR Code Rendering.

  • ENRL-3171: The smart groups are not updating post device OG change based on network range.

  • CRSVC-24515: Phone, Current Carrier, and Home Carrier information show as Private in Device List View, even if Privacy setting is set to Display.

  • CRSVC-24099: GPS Data not updated if the Privacy settings are changed to Inherit on child OG.

  • ARES-20520: Look Value in email template is taking email address as noreply@company.com rather Enrollment Support Email.

  • ARES-20564: Cannot publish applications with assignment rankings greater than 255.

  • AGGL-10800: Cannot use PhoneNumber as Lookup Value in Application Configuration after 2107 console upgrade.

  • AAPP-12506: Enrollment fails for DEP Custom Enrollment and Proxy Authentication Use Case.

  • AGGL-10726: Android devices are not showing location data in child OGs, but work at parent OG.

  • AMST-33988: Devices are not syncing after DSP registration.

  • ARES-20442: Adding app assignment fails with 500 internal Server Error.

  • CMCM-189335: Sync issue with Sharepoint O365.

  • CMCM-189369: High memory Sproc calls.

  • CRSVC-24331: API is not loading post upgrading to 21.7.0.2

  • INTEL-33360: Intelligence missing data.

  • MACOS-2595: iOS profile with Allow Removal With Authentication failing to install on supervised device.

  • MACOS-2609: macOS bootstrap package not being queued up for installation on new enrollments.

  • PPAT-9841: Device Traffic Rule set with ports goes blank in Console and Database.

  • AGGL-10815: Slow deployment of a new Public app.

21.9.0.1 Patch Resolved Issues
  • CRSVC-25077: High CPU/memory utilization by scheduler service.

21.9.0.2 Patch Resolved Issues
  • AGGL-10807: Some Android Launcher profiles fail to load after upgrade to 2107 and DDUI FF enablement.

  • FCA-199992: Application versions in Workflows are not honored when reverting from 'Latest available' to a previous version.

  • UM-376 OG: Level consolidation of enrollment users.

  • CRSVC-25204: Zero DownTime environment Upgrade: Uptime DB Upgrade Failed.

21.9.0.4 Patch Resolved Issues
  • AMST-34506: Seed the v2107.7 Patch Hub to UEM console.

21.9.0.6 Patch Resolved Issues
  • AMST-34558: DS cluster under stress due to ApproveUpdate windows commands.

21.9.0.8 Patch Resolved Issues
  • UM-7181: Automatic LDAP group sync skipped for customer intermittently

  • FCA-199939:  Update Knowledge Base Link and Move Feature Flag to Production.

  • CRSVC-25284: Certificate Test connection failing for NDES Dynamic certificate.        

  • CMSVC-15851: Profiles excluded from SG not removed on Publish.   

  • AMST-34544: Windows Desktop Firewall Profile does not allow editing of IP ranges after saving profile.

  • AMST-34507: Windows Persistence setting is visible even though feature is not GA.

  • AMST-34251: Unable to add EAR application.

  • AGGL-10967: Android Passcode Profile should hide Minimum length for "Any" and "Weak Biometric" content levels.

  • AGGL-10966: DDUI profiles only allows 5 credential tabs.

  • AAPP-13033: Apple wallpaper setting applies with all options unchecked.

21.9.0.9 Patch Resolved Issues
  • AMST-34644: Handle migration for revision assignment UUID.

  • CRSVC-25204: Uptime DB Upgrade Failed.

  • INTEL-34750: DB upgrade failure.

  • UM-7184: Updating EnrollmentUser LocationGroupUUID is not batched.

21.9.0.11 Patch Resolved Issues
  • AAPP-13147 Unable to view assigned VPP applications from the catalog after editing the device details.

  • CRSVC-25439: Compliance Policies only show Message Templates defined at the same OG as the Compliance Policy.

  • FCA-199596: Compliance Policy for Cell Data Usage does not report correct status.

  • CRSVC-25258: AU01PSQL02 - Console slowness reported by multiple customers, server is under stress.

  • AAPP-13124: Bundle IDs in Hide Apps section of the Restriction profile is empty after upgrade.

  • CRSVC-25352: [Baseline] Baseline Microservice connection error when loading the baseline page in UEM.

  • CRSVC-25502: Disable Query Baseline Feature Flag.

  • FCA-200438: Switch OrganizationGroupDeleteRestrictionFeatureFlag to Dev in 2109.

  • CRSVC-25638: Change FF CertificateRevocationBySampleFeatureFlag back to Testing.

21.9.0.12 Patch Resolved Issues
  • AMST-34665: Removal command targets incorrectly when the app is deleted from UEM.

  • CRSVC-25667: 'Certificate Near expiration' report returns incomplete results.

  • CMEM-186551: Error observed when requesting for device policies by SEG.

  • CMEM-186551: Error observed when requesting for device policies by SEG.

  • AGGL-11036: Launcher profile configuration seems to be reverting to the older value when making any edits on the profile.

  • FCA-200699: Unable to assign already published apps. New app are not impacted.

  • AGGL-11081: Launcher for Android profile not showing allowed application in Canvas.

21.9.0.13 Patch Resolved Issues
  • AMST-34765: Dropship Provisioning Staging user creation, Revoke token and sync button fixes.

  • CMCM-189505: Uploading large PDF files will cause the Web Console to become inaccessible.

  • CRSVC-25524: Remove the usage of the encrypted URL query parameter.

  • CRSVC-25792: Time Window - Time Window is not correctly updated when the Locale of the Console Administrator is set to Non-US.

  • CRSVC-25839: New enrollments of Boxer fail to connect to on-premises Exchange through SEG after Workspace ONE UEM 2109 upgrade.

  • UM-7244: Patch fails due to existing back up tables- Rename the back up tables to be more unique.

21.9.0.15 Patch Resolved Issues
  • CRSVC-25878: Error when loading Certificate List View.

  • FCA-200846: Patch logging miss on SaaS environments.

  • ARES-21185: View devices page gives empty results.

  • CRSVC-25904: Certificate Request Failed error while trying installing a profile with a certificate.

  • AGGL-11180: Catalog shows incorrect version when Prod and Beta tracks exist.

21.9.0.16 Patch Resolved Issues
  • AAPP-13257: Exception seen on multiple environment.

  • FCA-200863: Update SKUORDER update API to allow Freestyle basic SKU to be added to older UEM versions.

21.9.0.17 Patch Resolved Issues
  • AMST-34860: KIOSK Profile- Windows Kiosk business is loading all held commands causing Memory exceptions.

  • AMST-34850: Disabling HardwareDeviceIdentifierForWindowsFeatureFlag is still merging device records.

21.9.0.19 Patch Resolved Issues
  • AGGL-11198: DDUI - Remove UI components from Launcher payload that are not supported in 2109.

Known Issues

The known issues are grouped as follows.

Console
  • FCA-199471 Compliance Policy for Cell Data Usage does not report correct status.

    Compliance policy evaluation requires device sample mask to be updated when the cell information sample is received. Device sample mask is not getting updated as part of the telecom roll up flow.

    We do not have any workaround for this issue.

  • AMST-34255: Hmac Authentication error.

    Huge number of hmac exceptions causing spike in DS boxes.

Rugged
  • RUGG-10301: Enrollment for Zebra devices stalls because proxy settings configured as part of the staging WiFi profile (WS1) are not being applied.

    Customer’s corporate WiFi does not have direct access to Google, so their use case requires pushing Proxy info during staging as the devices need to connect to GMS during enrollment. Currently with Proxy settings configured as part of staging WiFi profile (WS1) is not being applied and because of this, the devices are unable to complete enrollment. It gets stuck on "Preparing environment for work account registration" and does not move past this screen.

check-circle-line exclamation-circle-line close-line
Scroll to top icon