About Workspace ONE UEM Release Notes

VMware Workspace ONE UEM Release Notes provide information on the new features and improvements in each release. This page includes a summary of the new features introduced in 2204 and resolved issues and known issues.

When can I expect the latest version?

We strive to deliver high-quality products, and to ensure quality and seamless transitions, we roll out our products in phases. Each rollout may take up to four weeks to accomplish and is delivered in the following phases:

  • Phase 1: Demo, Shared SaaS UATs, and Latest Mode UATs

  • Phase 2: Shared SaaS environments

  • Phase 3: Latest Mode environments

This version is only available to our SaaS customers on the Latest mode. The features and improvements incorporated in this version will be available to our on-premises or managed hosted customers with the next on-premises release. For more information, see the KB article.

Getting Ready for Apple Fall 2021 Releases

Learn more about the upcoming Fall 2021 releases for Apple. See Getting Ready for Apple Fall 2021 Releases for more information.

New Features in this Release


  • Managed configuration for internal applications

    You can now apply Managed App Configurations to Android Internal Applications. When assigning Android Internal Applications through the Workspace ONE UEM console, Workspace ONE UEM displays all supported Managed App Configuration key-value pairs for the application under the Application Configuration tab. This feature requires Workspace ONE Intelligent Hub 22.04.


  • Deploying macOS profiles is now easier and faster with the new data-driven user interface.

    With the new Data-Driven User Interface (DDUI) user experience, you can now quickly add payloads, search, and view profile summaries. Keep an eye out for this new macOS user experience for shared SaaS. With the initial release of the new profile framework for macOS, we are adding new payloads and payload keys to the Workspace ONE Console UI. Newly supported keys can be found in the payloads listed below:

    • Associated Domains

    • Content Filter

    • DNSSetting

    • FileProvider

    • Firewall (Native)

    • Kernel Extension Policy

    • Restrictions

    • Certificate Transparency

    • Skip Setup Assistant

    • SSO Extension

    We intend to add more payloads and keys released by Apple to Workspace ONE in the future, allowing administrators to deploy much more quickly. This functionality will have a gradual rollout across Shared SaaS. For more information specific to macOS profiles, see macOS Device Profiles.


  • We now have a new maximum file size limit for provisioning Files or Actions.

    The maximum file size you can upload for a product's Files or Action component is now determined by your server configuration, with the maximum size topping out at 5GB. For more information, see Create a Files-Actions Component.

  • We've introduced a new product provisioning condition and Event Action to strengthen security.

    Device Offline is a new condition that detects if your Android device has not checked in with the console for a specified number of days. You can pair this condition with the new Event Action for Android, Device Wipe, to take a highly defensive security posture for lost devices. For more information see, Product Conditions and Event Actions, Android and WinRugg.

  • Get a better experience with expedited deployment of products.

    We have improved the expedited deployment of products you create. Products with this prioritisation are now preferred for delivery and installation on devices ahead of others. For more information, see Prioritize Your Product With Expedited Deployment.

Resolved Issues

2204 Resolved Issues

  • FCA-202707: Unable to delete devices from console

  • MACOS-3083: Unable to enroll Mac Studio devices through Automated Device Enrollment.

  • UM-7411: Devices unable to move to different OG's based on UserGroup Mappings after Auto Sync.

  • UM-7355: Accented or Umlauted characters not contained in username overriding actual username of users when added through device registration when account is added with these characters.

  • UM-7345: Update UserV2 patch endpoint.

  • RUGG-10647: Facing error when creating or editing the profiles present in file/actions Error: Please refresh and try again.

  • PPAT-9691: Tunnel configuration details is blank when device is moved from one OG to another.

  • PPAT-10715: Tunnel backend airwatch certificate regenerate not showing the updated expiry date.

  • MACOS-2855: Terms and Conditions Accept button not easily visible.

  • INTEL-34744: Recovery Key Escrowed value not matching UEM.

  • AMST-35708: Mac KEXT profile output has empty string.

  • FS-860: Unable to edit other roles with any role that doesn't have freestyle permissions.

  • FS-1017: Workflow Sync is missing from More Actions > Workflows.

  • FCA-202475: Unable to delete custom command in pending state.

  • FCA-202485: Wi-Fi IP address showing up as "" under Device Details > Network tab.

  • FCA-202475: Freestyle Orchestrator workflow identifier version is showing up in string format it should be friendly version identifier.

  • FCA-201915: Unable to login to UEM using CSP.

  • FCA-202463: Console email notifications show stretched VMware logo.

  • ENRL-3406: Multiple Declarations in X-Frame-Options Header and Set-Cookie Header.

  • FCA-201708: Message Preview the page is null on browsers like Firefox and Chrome.

  • FCA-201658: Report Next Execution date & time won't be calculated properly after Friday's execution.

  • FCA-201514: Error occur when we try assigning a device to Telecom Plan.

  • ENRL-3362: Admin is able to override enrolled enrollment token records.

  • ENRL-3348: UEM Notifications configuration changed when parent OG is changed.

  • CRSVC-28467: GSX Cert Save Failed Password Invalid.

  • CRSVC-27913: Locale stays English in Device > Certificate > List View > Filters > Status even though Locale is configured as Japanese.

  • CRSVC-28322: Time Windows not accessible (This door is locked).

  • CRSVC-27551: Device Last Seen Compliance stuck in pending state, Next compliance check date is reported in the past.

  • CRSVC-27418: UEM Compliance Policy crashes after adding a list of applications.

  • CRSVC-27358: Increase the SMTP username limit from 64 to 255 characters.

  • CRSVC-26782: Remove the index IX_DeviceExtendedProperties_RowVersion.

  • CRSVC-27068: Unable to delete device from UEM console.

  • CRSVC-26569: Optimization of the sp CoreAndDefaultAttributes_Update.

  • CMSVC-14568:The SmartGroup API request returns incorrect platform values for some OS platforms.

  • ARES-21960: Getting a rocket man error when trying to launch Apps > App Scan > Third party Integration.

  • ARES-21940: App Removal Log is not updated after admin action is performed.

  • ARES-21907: Editing a Whitelisted app group having 2.3K apps takes approximately 6 minutes.

  • AMST-35808: Greater Than or Equal to application detection operator not working.

  • AMST-35731: Firewall Rules name displays with garbage characters on Windows desktop.

  • ARES-21758: Failed to upload internal app via links in UEM console.

  • AMST-35798: Windows Application Deployment Commands are only cleared after a manual Query or App Sample Query from UEM Console.

  • AMST-35754: Windows profile payload do not get removed when you remove a single payload from the profile with multiple payload.

  • AMST-35708: Domain Join Fails when Smart Groups Evaluated Before Enrollment.

  • AMST-35743: Windows OS build version shows different in Device list view and Device summary page.

  • AMST-35629: DSP Self Registration doesn’t sync device to OPS.

  • AMST-35619: Tool Tip description for CPU architecture displays incorrect information.

  • AMST-35704: Unable to modify Version field when using File Exists criteria for Windows Desktop applications.

  • AMST-35662: When enrolling VDI's the latest enrolled device overtakes existing devices, device record.

  • AMST-35531: Unable to run Selective App list API call on the enrolled Win 10 devices. These devices doesn't have any active users logged in due to which we are not able to receive App Samples which is restricting the upgrade for SFD agent on the device.

  • AMST-35367: Unable to delete users with removable storage associated with account and no way to remove association.

  • AMST-35391: Blobs being served by DS.

  • AMST-35486: Internal/application API not adding new version for EXE and ZIP.

  • AMST-35321: Spaceman error while navigating to Devices > Lifecycle > Staging > Windows.

  • AMST-35294: Unable to find "Allow Enhanced PIN at Startup" in Windows Encryption profile.

  • AGGL-11672: Device model information is not updated on the console.

  • AMST-35292: Customer is facing issue with enrolling VDIs hosted in Azure. The hub gets stuck in the page "Hang on while we load your workspace" when launched.

  • AGGL-11693: Handsfree R5 devices are listed incorrectly in DB and the UEM.

  • AMST-35185: Security API is not returning Bitlocker key for few devices.

  • AMST-35236: Delay in processing windows install/removal commands for apps & profiles.

  • AGGL-11656: DDUI is broken by a certificate date format in Android profiles.

  • AGGL-11629: Tags and Smart groups aren’t deleted on the UEM console when Disconnect WiFi action is performed on Zimperium console.

  • AGGL-11579: Android Devices are consuming commands slowly.

  • AGGL-11564: During Android EMM with G Suite set up, Google's 404 error page shows up when the admin clicks the link to Google Admin Console on UEM Console.

  • AGGL-11540: 'Force YouTube Safety Mode' and 'Enable Touch to Search' settings in Android Chrome Browser Settings profile are not saved with console v2111 and above.

  • AGGL-11530: Chrome OS managed App Configuration.

  • AGGL-11538: PK Violation

  • AGGL-11492: Compliance policy not blocking the “ Tecno “ devices.

  • AGGL-11484: Android 12 Profile Owner Device Serial Number "HubNoSerial".

  • AGGL-11528: Request to increase maximum character limit for Proxy Bypass Rules field in Chrome Browser Settings profile.

  • AGGL-11398: "Allow Auto Fill" for "Work Managed" setting is not changed and become same as the "Work Profile" setting.

  • AGGL-11385: App configuration update.

  • AGGL-11324: Apps are not removed from play store when all the apps are not applicable.

  • AGGL-11183: Chrome URLWhitelist or URLBlacklist does not work on the latest chrome versions.

  • AGGL-10597: Cannot select None for Allow Location Service Configuration option in Restrictions profile.

  • AAPP-13652: Public and VPP applications removed from device when Remove on Unenroll is disabled.

  • AAPP-13763: Username not visible in the tvOS "Wi-Fi" payload (DDUI).

  • AAPP-13531: VPP Book Syncs as Unknown Application.

  • AAPP-13560: [DEP] Setup Assistant > App Store value does not show up on the DEP Configuration Summary page.

  • AAPP-13593: “deviceApplication.SyncDevicesForPublicAndPurchasedApp” is timing out.

Patch Resolved Issues

  • AAPP-13853: Cannot edit a macOS payload of certain types after initially publishing.

  • AAPP-13838: Security & Privacy - Payloads do not have a randomized PayloadUUID which results in a failure of the profile to install on devices.

  • AAPP-13892: macOS Firewall (Native) payload - Most XML keys are not included when profile is saved.

  • AAPP-13927: macOS DDUI - New version of profiles create a new PayloadUUID for subpayloads.

  • AAPP-13935: Clicking "Add" is crashing the page.

  • AGGL-11974: Zebra device model being reported as Unknown.

  • AAPP-13852: macOS VPN payload unable to deploy profile to devices or view XML after publishing.

  • FCA-202828: Unauthorized endpoint in MVC -> Angular migration: Account > Administrators > System Activity >batch Status.

  • AMST-36186: Seed v2203.9 patch SFD to UEM.

  • MACOS-3148: Seed 22.05 Hub to Canonical master.

  • PPAT-11235: Enable the feature flag "Console Admin Action" to production.

  • CRSVC-29317: Add customertoE2E integration test for faster workflow delivery flow.

  • AGGL-11977: Able to enroll without registering as an allowed device for Android OS version 12 in Work Profile mode even if the console enrollment mode is "registered devices only".

  • CRSVC-29792: S/MIME certificates seemingly corrupted on DB.

  • AGGL-12045: Android Auto Seed: Model of Android devices are missing on the console and displayed as "Unknown" instead of script correction.

  • AAPP-13994: macOS DDUI WorkspaceONE Tunnel Profile does not include all keys and devices cannot connect to Tunnel.

  • MACOS-3172: macOS Privacy Preferences profile character limit.

  • CRSVC-29625: Triggering the 5K API calls per minute limit even though ithas been longer than a minute.

  • CRSVC-29922: Device Compliance check failing on Workspace ONE Access with UEM concole 2204.

  • MACOS-3203: Seed 22.05.1 Hub to Canonical master

  • ENRL-3448: Unenrollment date is null in multiple environments.  Customers are reporting that this breaking their reporting for device clean up and that this used to work.

  • PPAT-11236: Standalone Tunnel Client - Delete Device from the UEM console is not working.

  • INTEL-40505: Intelligence - Recovery Key Escrowed value not matching UEM.

  • UM-7532: On-Prem DomainJoin: Assignment screen is not auto populating "Organization Units" based on the text entered.

  • AMST-36291: Disable HardwareDeviceIdentifierForWindows Feature Flag.

  • CRSVC-30199: Use NOT_AVAILABLE as default compliance status value in migration tool.

  • AMST-36336: UEM Azure AD integration button link is broken.

  • AGGL-12196: Enterprise Wipe command missing from Device Details for Android 11+ COPE.

  • AMST-36350: Seed the v2203 Patch SFD to UEM console.

  • CRSVC-30279: Include device state supplemental tools config files in UpdateSQLServerInfo tool.

  • ARES-22394: Unable to fetch App Removal Logs in UEM console.

  • AAPP-14192: Need to confirm behavior of 'Encrypt User Information' setting.

  • AAPP-13996: Update default values for few keys of VPN payload.

  • CRSVC-30606: Layout issue in connected date field in localized versions.

  • CRSVC-30608: The translated strings "connected" and "Deauthorize" are not loaded in Google BeyondCorp card.

  • CRSVC-30610: The connected date is not localized.

  • AMST-36419: EnrollmentToken Purge encounters FK error.

  • AMST-36489: Customer cannot upload missing dependencies for some .appx files while editing them.

  • CMCM-189857: Intelligence | Sandbox ETL logs ingestion very high.

  • FCA-203488: Timeouts are seen for EnrollmentUser_DevicesByLastSeen for higher number of devices.

  • MACOS-3245: Seed the Model information for new "M2" Macs.

  • AGGL-12226: We need an override URL when Google batching is used for public apps.

  • FCA-203515: Profile creation times out when assigning SG with higher number of devices.

  • AMST-36559: ACC and AWCM timeout while publishing content to Adaptiva.

  • AMST-36565: [Device Sampling] Empty samples getting reported from WIN_RT devices.

  • CRSVC-30743: Tenant onboarding failed due to egress tenant client failed to get an access token.

  • CRSVC-30603: Integrated Authentication certificate does not rotate to new CA when we modify the settings for the Web under SDK settings.

  • AMST-36561: Trigger compliance on enrolment complete for Windows devices.

  • CRSVC-30894: Unable to delete Certificate Authority.

  • CRSVC-30900: Unable to delete devices from console.

  • INTEL-41598: ZDT DB upgrade failed while deleting SP and type.

  • CRSVC-31191: Entitlement service migration tool fails to connect to database on DB credential change.

  • RUGG-11287: Cannot disable CDN for Product Provisioning.

  • FCA-203607: Device details view crashed when selecting device enrolled via standalone boxer

  • AMST-36753: Apps deployment options not retained on Save & Publish.

  • AMST-36623: Seed v2203.4 Hub to UEM Console.

  • AGGL-12426: Set available productset calls times out for customers with huge data set causing application not available on the PlayStore.

  • AMST-36837: Device context based applications require valid user session to process uninstall.

  • CMCM-190020: Undefined Error when viewing assigned devices for Content.

  • FCA-203784: Unable to access Event Details under Monitor >Reports and Analytics.

  • RUGG-11332: Delay in Products getting assigned to Android devices.

  • CMCM-190023: DB Server CPU spiking to 100% multiple times a day.

  • CRSVC-31785: GSX test connection fails with SSL error.

  • CRSVC-31786: GSX test connection fails with SSL error.

  • AMST-36972: Unable to edit app assignments.

  • FCA-203853: Unable to load Angular Exports page.

  • MACOS-3313: macOS DDUI SCEP Payload - AirWatch CA Template does not populate.

  • AMST-36973: Unable to edit app assignments.

  • ARES-23091: Profile V2 Search API working only for the device profiles.

  • CMEM-186701: PowerShell failing: "User credential of the remote PowerShell server contains the special characters."

  • AGGL-12966: The GET profiles/[profileID] API works for random profiles.

  • CRSVC-32058: “Renew Certificate" not working as expected in Certificate list view.

  • AMST-36831: Windows Firewall Rule not working as intended on Win 10 device.

  • ARES-22980: Invalid samples from Apple and Apple OSX devices with empty unique identifiers.

  • CRSVC-32317: Add telemetry for counting usages of the unsigned Secure Channel payloads.

  • CRSVC-31979: Unable to publish scripts due to errors with console.

  • AMST-37307: Since upgrading (2204) Custom profiles are not installing for newly enrolled Windows devices.

  • AMST-37310: Device Identifier & UDID mismatch for any reason should not unenroll device.

  • AMST-37332: Compromised status change for Mac Devices are flooding Event Logs table.

  • ARES-23590: Unable to view installed, assigned, and not installed devices due to webpage crash.

  • CRSVC-33151: Unable to delete some devices from UEM through UI or API.

  • AMST-37634: Windows Desktop Enrollment with OOBE Provisioning enabled.

  • ARES-23591: Increase the sp timeout for procedure DeviceProfile_LoadDeviceSummary.

  • INTEL-44016: Add Managed Application List join in app Initial Export.

  • AMST-37558: Security sample improvements.

  • AGGL-13443: Group Organization Mode change command not queued after changing to Fixed Organization Group.

  • AMST-37745: (P2P Branch-Cache) Peer to Peer download is not working.

  • FCA-204361: Event Data modal is not getting loaded for device and console events.

  • FCA-204377: Device export with XLSX format with wrong display model.

  • FCA-204504: Not able to remove roles for admins through UI.

  • MACOS-3568: macOS - add support for new hardware released.

  • AMST-38166: Location option missing in Bulk management for Windows devices.

  • AMST-38005: Unable to modify and save the install command for Windows app.

  • AMST-38264: Improve products delivery for newly enrolled devices.

  • PPAT-13435: iOS VPN Profiles have the incorrect DTR ruleset getting applied for devices.

  • RUGG-11792: Policy Engine stuck on environments without processing items in queue.

  • RUGG-11801: Jobs in devicePolicyJob table are not getting purged as expected.

  • AMST-38339: Antivirus and Firewall status are periodically failing.

  • AAPP-15385: Beacon sample should trigger Device Info sample but should not save OS data.

  • CRSVC-35973: Refactor EventLogService to use concurrent bag.

  • ENRL-3720: Beacon flow is wrongly updating OS info.

  • MACOS-3663: Decouple code changes to seed new MAC models.

  • AGGL-14558: Remove play API calls from GetApplicationdetails when user saves a new app or edits the application assignment.

  • UM-8000: AzureAD Integration: Replace deprecated AzureAD graph with Microsoft graph API endpoints - for user management component.

  • RUGG-12047: Custom assignment rules do not apply correctly during device enrollment, as the custom attribute data does not get pulled into the console as fast as the product jobs get queued up.

  • AAPP-15871: Phase 1 of Rapid Security Response support.

  • CRSVC-37272: Changes for correcting AppSequence workflow type in Workspace ONE UEM release 2204.

  • CRSVC-37516: Update Token Refresh Azure AD Graph API call.

  • PPAT-14133: After migration to AWS CloudFront, the Tunnel Configuration page does not load.

  • SINST-176115: Airwatch API Gateway file copy failed during deployment.

  • RUGG-12115: Product assignments are delayed.

  • CRSVC-37821: Migrate invalidate refresh token flow from AAD to Microsoft Graph API.

  • AAPP-15857: Unable to renew the provisioning profile for all versions of an application due to duplicate records.

  • UM-8071: Turn AzureAD Graph Migration Feature Flag to Production and Telemetry for Microsoft Graph API.

  • INTEL-49563: ETL | Update Device checksum sproc to remove concatenation instead send columns.

  • AAPP-15909: iOS update filtering issues.

  • UM-8127: Disable the feature toggle AzureADGraphMigrationFeatureFlag and InvalidateAllRefreshTokensMigrationFeatureFlag.

  • AAPP-16000: Hub Registered Mode Sample Collection enhancements and fixes.

  • CRSVC-38216: Un-authenticated Deviceservices endpoint to unenroll any device.

  • INTEL-50179: Intelligence enrollment users not syncing as expected.

  • SINST-176153: Updated Code signing certificate.

  • SINST-176172: DDUI Profile Screen Fix.

  • SINST-176200: Update Installer to fix issues with DDUI profile screen.

  • AGGL-15325: Remove EFOTA sample from microservices.

  • AGGL-15442: Unable to create Android profile with a Time Schedule whose UUID is NULL.

  • AMST-39536: Workaround for MSFT issue, breaking SFD installation.

  • CMEM-186887: Powershell script and UEM side changes for EXO V3 Module.

  • PPAT-14515: .NET Core version Upgrade to 6 for Tunnel Microservice.

  • SINST-176129: Install .NET Core 6 with UEM Installer.

  • SINST-176172: Fixed issues with DDUI profile screen.

  • AAPP-16438: Update device information query cellular keys.

  • AGGL-15528 Google seems to have increased oAuthToken length (AndroidWorkSetting AccessToken got truncated).

  • MACOS-4058: macOS 14 ADE enrollment fails if Custom Enrollment is off.

Known Issues


  • ARES-22107: Profile V2 Search API working only for the device profiles.

    Profile V2 Search is only giving results for the device profiles, but the provisioning policy profile details are not shown in the API result.

    You can continue to use the Profile V1 Search.

  • FS-1005: Freestyle Orchestrator workflow identifier version is showing up in string format instead of the friendly version identifier.

    Workflow identifier version on Intelligent Hub is displayed as a string format instead of an end user friendly format. This might lead to bad UI experience for end users but does not impact the functionality of workflows.

    There are no workarounds for this issue.

  • FCA-202605: Device Friendly Name and Enrollment User hyperlinks are disabled on Device Events and Console Events pages.

    Hyperlinks in the Device Friendly Name and Enrollment User columns are disabled on the Device Events page. UEM admins will not be able to redirect to the Device Details or User Details pages directly from the Device Events page 

    As a workaround, you can view and copy the Device Friendly Name and/or Enrollment User from the Device Events page then manually navigate to the Device List View or Users List View pages and perform a search to view the details.

check-circle-line exclamation-circle-line close-line
Scroll to top icon