About Workspace ONE UEM Release Notes

VMware Workspace ONE UEM Release Notes provide information on the new features and improvements in each release. This page includes a summary of the new features introduced in 2204 and resolved issues and known issues.

When can I expect the latest version?

We strive to deliver high-quality products, and to ensure quality and seamless transitions, we roll out our products in phases. Each rollout may take up to four weeks to accomplish and is delivered in the following phases:

  • Phase 1: Demo and UATs
  • Phase 2: Shared SaaS environments
  • Phase 3: Dedicated latest environments

This version is only available to our SaaS customers on the Latest mode. The features and improvements incorporated in this version will be available to our on-premises or managed hosted customers with the next on-premises release. For more information, see the KB article.

Getting Ready for Apple Fall 2021 Releases

Learn more about the upcoming Fall 2021 releases for Apple. See Getting Ready for Apple Fall 2021 Releases for more information.

New Features in this Release


  • Managed configuration for internal applications

    You can now apply Managed App Configurations to Android Internal Applications. When assigning Android Internal Applications through the Workspace ONE UEM console, Workspace ONE UEM displays all supported Managed App Configuration key-value pairs for the application under the Application Configuration tab. This feature requires Workspace ONE Intelligent Hub 22.04.


  • Deploying macOS profiles is now easier and faster with the new data-driven user interface.

    With the new Data-Driven User Interface (DDUI) user experience, you can now quickly add payloads, search, and view profile summaries. Keep an eye out for this new macOS user experience for shared SaaS. With the initial release of the new profile framework for macOS, we are adding new payloads and payload keys to the Workspace ONE Console UI. Newly supported keys can be found in the payloads listed below:

    • Associated Domains
    • Content Filter
    • DNSSetting
    • FileProvider
    • Firewall (Native)
    • Kernel Extension Policy
    • Restrictions
    • Certificate Transparency
    • Skip Setup Assistant
    • SSO Extension

    We intend to add more payloads and keys released by Apple to Workspace ONE in the future, allowing administrators to deploy much more quickly. This functionality will have a gradual rollout across Shared SaaS. For more information specific to macOS profiles, see macOS Device Profiles.


  • We now have a new maximum file size limit for provisioning Files or Actions.

    The maximum file size you can upload for a product's Files or Action component is now determined by your server configuration, with the maximum size topping out at 5GB. For more information, see Create a Files-Actions Component.

  • We've introduced a new product provisioning condition and Event Action to strengthen security.

    Device Offline is a new condition that detects if your Android device has not checked in with the console for a specified number of days. You can pair this condition with the new Event Action for Android, Device Wipe, to take a highly defensive security posture for lost devices. For more information see, Product Conditions and Event Actions, Android and WinRugg.

  • Get a better experience with expedited deployment of products.

    We have improved the expedited deployment of products you create. Products with this prioritisation are now preferred for delivery and installation on devices ahead of others. For more information, see Prioritize Your Product With Expedited Deployment.

Resolved Issues

2204 Resolved Issues

  • AAPP-13593: “deviceApplication.SyncDevicesForPublicAndPurchasedApp” is timing out.

  • AAPP-13560: [DEP] Setup Assistant > App Store value does not show up on the DEP Configuration Summary page.

  • AAPP-13531: VPP Book Syncs as Unknown Application.

  • AAPP-13763: Username not visible in the tvOS "Wi-Fi" payload (DDUI).

  • AAPP-13652: Public and VPP applications removed from device when Remove on Unenroll is disabled.

  • AGGL-10597: Cannot select None for Allow Location Service Configuration option in Restrictions profile.

  • AGGL-11183: Chrome URLWhitelist or URLBlacklist does not work on the latest chrome versions.

  • AGGL-11324: Apps are not removed from play store when all the apps are not applicable.

  • AGGL-11385: App configuration update.

  • AGGL-11398: "Allow Auto Fill" for "Work Managed" setting is not changed and become same as the "Work Profile" setting.

  • AGGL-11528: Request to increase maximum character limit for Proxy Bypass Rules field in Chrome Browser Settings profile.

  • AGGL-11484: Android 12 Profile Owner Device Serial Number "HubNoSerial".

  • AGGL-11492: Compliance policy not blocking the “ Tecno “ devices.

  • AGGL-11538: PK Violation

  • AGGL-11530: Chrome OS managed App Configuration.

  • AGGL-11540: 'Force YouTube Safety Mode' and 'Enable Touch to Search' settings in Android Chrome Browser Settings profile are not saved with console v2111 and above.

  • AGGL-11564: During Android EMM with G Suite set up, Google's 404 error page shows up when the admin clicks the link to Google Admin Console on UEM Console.

  • AGGL-11579: Android Devices are consuming commands slowly.

  • AGGL-11629: Tags and Smart groups aren’t deleted on the UEM console when Disconnect WiFi action is performed on Zimperium console.

  • AGGL-11656: DDUI is broken by a certificate date format in Android profiles.

  • AMST-35236: Delay in processing windows install/removal commands for apps & profiles.

  • AMST-35185: Security API is not returning Bitlocker key for few devices.

  • AGGL-11693: Handsfree R5 devices are listed incorrectly in DB and the UEM.

  • AMST-35292: Customer is facing issue with enrolling VDIs hosted in Azure. The hub gets stuck in the page "Hang on while we load your workspace" when launched.

  • AGGL-11672: Device model information is not updated on the console.

  • AMST-35294: Unable to find "Allow Enhanced PIN at Startup" in Windows Encryption profile.

  • AMST-35321: Spaceman error while navigating to Devices > Lifecycle > Staging > Windows.

  • AMST-35486: Internal/application API not adding new version for EXE and ZIP.

  • AMST-35391: Blobs being served by DS.

  • AMST-35367: Unable to delete users with removable storage associated with account and no way to remove association.

  • AMST-35531: Unable to run Selective App list API call on the enrolled Win 10 devices. These devices doesn't have any active users logged in due to which we are not able to receive App Samples which is restricting the upgrade for SFD agent on the device.

  • AMST-35662: When enrolling VDI's the latest enrolled device overtakes existing devices, device record.

  • AMST-35704: Unable to modify Version field when using File Exists criteria for Windows Desktop applications.

  • AMST-35619: Tool Tip description for CPU architecture displays incorrect information.

  • AMST-35629: DSP Self Registration doesn’t sync device to OPS.

  • AMST-35743: Windows OS build version shows different in Device list view and Device summary page.

  • AMST-35708: Domain Join Fails when Smart Groups Evaluated Before Enrollment.

  • AMST-35754: Windows profile payload do not get removed when you remove a single payload from the profile with multiple payload.

  • AMST-35798: Windows Application Deployment Commands are only cleared after a manual Query or App Sample Query from UEM Console.

  • ARES-21758: Failed to upload internal app via links in UEM console.

  • AMST-35731: Firewall Rules name displays with garbage characters on Windows desktop.

  • AMST-35808: Greater Than or Equal to application detection operator not working.

  • ARES-21907: Editing a Whitelisted app group having 2.3K apps takes approximately 6 minutes.

  • ARES-21940: App Removal Log is not updated after admin action is performed.

  • ARES-21960: Getting a rocket man error when trying to launch Apps > App Scan > Third party Integration.

  • CMSVC-14568:The SmartGroup API request returns incorrect platform values for some OS platforms.

  • CRSVC-26569: Optimization of the sp CoreAndDefaultAttributes_Update.

  • CRSVC-27068: Unable to delete device from UEM console.

  • CRSVC-26782: Remove the index IX_DeviceExtendedProperties_RowVersion.

  • CRSVC-27358: Increase the SMTP username limit from 64 to 255 characters.

  • CRSVC-27418: UEM Compliance Policy crashes after adding a list of applications.

  • CRSVC-27551: Device Last Seen Compliance stuck in pending state, Next compliance check date is reported in the past.

  • CRSVC-28322: Time Windows not accessible (This door is locked).

  • CRSVC-27913: Locale stays English in Device > Certificate > List View > Filters > Status even though Locale is configured as Japanese.

  • CRSVC-28467: GSX Cert Save Failed Password Invalid.

  • ENRL-3348: UEM Notifications configuration changed when parent OG is changed.

  • ENRL-3362: Admin is able to override enrolled enrollment token records.

  • FCA-201514: Error occur when we try assigning a device to Telecom Plan.

  • FCA-201658: Report Next Execution date & time won't be calculated properly after Friday's execution.

  • FCA-201708: Message Preview the page is null on browsers like Firefox and Chrome.

  • ENRL-3406: Multiple Declarations in X-Frame-Options Header and Set-Cookie Header.

  • FCA-202463: Console email notifications show stretched VMware logo.

  • FCA-201915: Unable to login to UEM using CSP.

  • FCA-202475: Freestyle Orchestrator workflow identifier version is showing up in string format it should be friendly version identifier.

  • FCA-202485: Wi-Fi IP address showing up as "" under Device Details > Network tab.

  • FCA-202475: Unable to delete custom command in pending state.

  • FS-1017: Workflow Sync is missing from More Actions > Workflows.

  • FS-860: Unable to edit other roles with any role that doesn't have freestyle permissions.

  • AMST-35708: Mac KEXT profile output has empty string.

  • INTEL-34744: Recovery Key Escrowed value not matching UEM.

  • MACOS-2855: Terms and Conditions Accept button not easily visible.

  • PPAT-10715: Tunnel backend airwatch certificate regenerate not showing the updated expiry date.

  • PPAT-9691: Tunnel configuration details is blank when device is moved from one OG to another.

  • RUGG-10647: Facing error when creating or editing the profiles present in file/actions Error: Please refresh and try again.

  • UM-7345: Update UserV2 patch endpoint.

  • UM-7355: Accented or Umlauted characters not contained in username overriding actual username of users when added through device registration when account is added with these characters.

  • UM-7411: Devices unable to move to different OG's based on UserGroup Mappings after Auto Sync.

  • MACOS-3083: Unable to enroll Mac Studio devices through Automated Device Enrollment. Patch Resolved Issues

  • AAPP-13852: macOS VPN payload unable to deploy profile to devices or view XML after publishing.

  • AGGL-11974: Zebra device model being reported as Unknown.

  • AAPP-13935: Clicking "Add" is crashing the page.

  • AAPP-13927: macOS DDUI - New version of profiles create a new PayloadUUID for subpayloads.

  • AAPP-13892: macOS Firewall (Native) payload - Most XML keys are not included when profile is saved.

  • AAPP-13838: Security & Privacy - Payloads do not have a randomized PayloadUUID which results in a failure of the profile to install on devices.

  • AAPP-13853: Cannot edit a macOS payload of certain types after initially publishing. Patch resolved Isssues

  • AGGL-11977: Able to enroll without registering as an allowed device for Android OS version 12 in Work Profile mode even if the console enrollment mode is "registered devices only".

  • CRSVC-29317: Add customer toE2E integration test for faster workflow delivery flow.

  • PPAT-11235: Enable the feature flag "Console Admin Action" to production.

  • MACOS-3148: Seed 22.05 Hub to Canonical master.

  • AMST-36186: Seed v2203.9 patch SFD to UEM.

  • FCA-202828: Unauthorized endpoint in MVC -> Angular migration: Account > Administrators > System Activity >batch Status. Patch Resolved Issues

  • MACOS-3172: macOS Privacy Preferences profile character limit.

  • AAPP-13994: macOS DDUI Workspace ONE Tunnel Profile does not include all keys and devices cannot connect to Tunnel.

  • AGGL-12045: Android Auto Seed: Model of Android devices are missing on the console and displayed as "Unknown" instead of script correction.

  • CRSVC-29792: S/MIME certificates seemingly corrupted on DB.

Known Issues


  • Device Friendly Name and Enrollment User hyperlinks are disabled on Device Events and Console Events pages.

    Hyperlinks in the Device Friendly Name and Enrollment User columns are disabled on the Device Events page. UEM admins will not be able to redirect to the Device Details or User Details pages directly from the Device Events page 

    As a workaround, you can view and copy the Device Friendly Name and/or Enrollment User from the Device Events page then manually navigate to the Device List View or Users List View pages and perform a search to view the details.

  • Freestyle Orchestrator workflow identifier version is showing up in string format instead of the friendly version identifier

    Workflow identifier version on Intelligent Hub is displayed as a string format instead of an end user friendly format. This might lead to bad UI experience for end users but does not impact the functionality of workflows.

    There are no workarounds for this issue.


  • Profile V2 Search API working only for the device profiles.

    Profile V2 Search is only giving results for the device profiles, but the provisioning policy profile details are not shown in the API result.

    You can continue to use the Profile V1 Search.

check-circle-line exclamation-circle-line close-line
Scroll to top icon