VMware Workspace ONE UEM Release Notes provide information on the new features and improvements in each release. This page includes a summary of the new features in 2212, issues resolved, and known issues.

When can I expect the latest version?

We strive to deliver high-quality products, and to ensure quality and seamless transitions, we roll out our products in phases. Each rollout may take up to four weeks to accomplish and is delivered in the following phases:

  • Phase 1: Demo and UATs

  • Phase 2: Shared SaaS environments

  • Phase 3: Dedicated latest environments

This version is only available to our SaaS customers on the Latest mode. The features and improvements incorporated in this version will be available to our on-premises or managed hosted customers with the next on-premises release. For more information, see the KB article.

Getting Ready for Apple Major OS Updates 2022

Interested to learn about the recent Fall 2022 releases for Apple? See Getting Ready for Apple Major OS Releases 2022 for more information.

New Features in this Release


  • We've enhanced certificate retrieval for Entrust and OpenTrust PKI.

    To support retrieving and deploying past S/MIME certificates to devices (for decrypting older S/MIME emails encrypted with a past, expired certificate), you can now enable For S/MIME on the certificate template for Entrust and OpenTrust PKI CAs. This checkbox on the certificate template determines whether historical certificates are retrieved or not. Additionally, all existing EntrustPKI V9 and Opentrust PKI CA's will have the For S/MIME checkbox checked through the one time migration.

  • Conditional Access Support for On-Premises UEM Console in a Closed Network Environment.

    On-premises customers with closed network UEM console environments can now enable Microsoft Azure AD conditional access by enabling feature flag ConditionalAccessClosedNetworkSupportFeatureFlag. With this feature, customers with closed network UEM console are no longer required to create a publicly resolvable UEM console URL for VMware Workspace ONE Intelligence to reach out to over port 443. For more information, see Use Compliance Data in Azure AD Conditional Access Policies.

  • A new dashboard for Windows and macOS!

    On the Devices Dashboard page of the Workspace ONE UEM console, you can now see newly added dashboards. These dashboards display the number of iOS devices running each version.

  • Getting Started with VMware Identity Services in Workspace ONE UEM

    We’ve added a service that makes user and group provisioning easier! You can now leverage VMware Identity Services to configure your single, provisioned directory of users and groups using the SCIM 2.0 protocol in the Workspace ONE cloud admin console. VMware Identity Services will automatically provision users and groups, and authentication settings, to your Workspace ONE UEM console. You manage the directory from the Workspace ONE cloud admin console. Directory, user, user groups, and identity provider settings in Workspace ONE Access and Workspace ONE UEM become read-only. For more information, see the VMware Identity Services Release Notes.

    VMware Identity Services supports the following identity providers and directory sources:

    • Azure AD, a cloud-based identity service in Microsoft Azure

    • Generic SCIM 2.0 Identity Source


  • Deploying iOS profiles is now easier and faster with the new data-driven user interface.

    With the new Data-Driven User Interface (DDUI) user experience, you can now quickly add payloads, search, and view profile summaries. Keep an eye out for this new iOS user experience for shared SaaS. We intend to add more payloads and keys released by Apple to Workspace ONE in the future, allowing administrators to deploy much more quickly. This functionality will have a gradual rollout across Shared SaaS. For more information specific to iOS profiles, see iOS Device Profiles.


  • We've made changes to passcode content requirements for Android devices.

    A new Passcode Complexity setting is now available in the Work Passcode and Device Passcode sections of Passcode Profile. This feature lets you determine whether you want basic or advanced password settings on the devices of your users. For more information, see Android Passcode Profile.


  • We’ve enhanced and improved Bitlocker.

    We've added the ability to configure encryption of removable drives in the Workspace ONE UEM console through the BitLocker To Go settings. You can now customise the encryption method, minimum password length, and the ability to encrypt only used space.

  • Workspace ONE UEM 2212 adds support for Windows 10 virtual machines running on Amazon WorkSpaces. 

    For Windows 11, Amazon WorkSpaces does not yet provide an option for Windows 11 virtual machines. Therefore, support has not been validated by VMware for Workspace ONE UEM on Amazon WorkSpaces for Windows 11. BitLocker management, licensing and basic user profiles are not supported by Amazon WorkSpaces


    Amazon WorkSpaces virtual machines have specific restrictions they enforce which will prevent UEM from modifying these settings.


  • Workspace ONE UEM 2212 adds support for Linux virtual machines running on Amazon WorkSpaces.

    Both Ubuntu and Amazon Linux 2 WorkSpaces instances are supported with UEM. 


    UEM is unable to determine whether an Amazon WorkSpaces virtual machine is encrypted. This will be included in a future UEM release.

Resolved Issues

Resolved Issues for 2212

  • AAPP-15032: tvOS DDUI Unknown Certificate Type.

  • AGGL-11827: Unbinding G-Suite Android EMM Registration failed.

  • AMST-37821: Device details page wrongly shows compromised status as "Not Compromised" where it should be "Unknown".

  • CMSVC-16654: Smart Group deletion fails when workflow deleted assignment present for the device and application.

  • AAPP-15095: App details are not getting pre-filled when uploading internal app in UEM 22.09 or above.

  • UM-7787: LDAP Definition delete fails due to FK constraint.

  • MACOS-3459: macOS DDUI security and privacy profile is failing to install on MACOS devices.

  • FCA-204402: Unable to add Directory accounts with SAML only integration.

  • CRSVC-33035: Certificate revocation not working for OpenTrust.

  • CRSVC-33876: Post Workspace ONE UEM upgrade to 2209, servers hosted on 2012 R2 fail health checks.

  • CRSVC-33755: If the filter is changed after you upgrade to Workspace ONE UEM 2210 release, the event data will not be populated until refreshed.

  • ARES-23988: Android Public Application Assignment was not working as expected.

  • ARES-23915: Unable to enable CDN for a customer type OG.

  • MACOS-3460: Few keys failed to populate while editing network profiles.

  • ARES-23951: Internal app publish failed due to duplicate key insert error.

  • ARES-23996: Unable to preview Terms of Use while deploying any apps.

  • FCA-204417: Workspace ONE UEM console unexpectedly exports all the admin accounts, irrespective of the current admin role in the Workspace ONE UEM 2210 release.

  • PPAT-12882: During an upgrade, tunnel migration encounters data error.

  • FCA-204401: "Open Help Page" link on the Internal app details view page leads to a broken documentation link (404 error).

  • ARES-23860: Specific stored procedure displays collation error during an environment upgrade.

  • RUGG-11607: Workspace ONE UEM 2206 release, the files downloaded from Files or Actions were empty.

  • CMCM-190239: When all contents in a category are assigned to a User Group, the category failed.

  • FCA-204401: Admin email address field does not accepts + and many more symbols.

  • FCA-202372: Moving a device to a different OG failed when device wipe was triggered.

  •  AGGL-13259: Android Hub auth token gets revoked when the Hub assignment is removed.

  • MACOS-3284: AirWatch CA Template does not populate.

  • MACOS-3378: Certificate is not referenced correctly in the Network payload.

  • MACOS-3385: Network profile lookup values were not resolved.

  • CMSVC-16550: Smart Group Assignment on Checkout fails when the smart group criteria contains Device Model.

  • CMSVC-16558: Workspace ONE Intelligence Tag Automation failed with HTTP error in Workspace ONE UEM during an API call.

  • CMEM-186728: Can Microsoft Exchange integration account password of other tenants through API Endpoint.

  • FS-1766: Removing application request causes Device Details page to fail.

  • RUGG-11528: Wallpaper set up using launcher persists on the device even when removed.

  • AMST-37639: Unable to install user profile. Receiving error when trying to push manually.

  • AGGL-13268: Unable to upload Calculator application from the internal apps section.

  • AGGL-13339: Unmanaged apps can be removed from UEM console when the app was previously managed.

  • AAPP-14986: Increased DS memory usage was observed after upgrade to Workspace ONE UEM 2209 release.

  • ARES-23277: Increase the SP timeout for procedure.

  • CRSVC-33499: Unable to save syslog settings with hostname due to error Save failed Invalid Host name.

  • UM-7632: Unable to see users at the parent OG level using API/system/users/search after changing user group permissions.

  • FCA-204007: Unable to pull storage information with API.

  • ARES-23708: TOU page fails in the Workspace ONE UEM console.

  • ARES-23741: Troubleshooting event for Component Profile fetch shows wrong user information.

  • ARES-23063: Text overlap in the profile assignment list view.

  • ARES-23645: After upgrade to Workspace ONE UEM 2203 release, the profiles failed to be removed during the first attempt.

  • RUGG-11472: Apps API returned both Elective Products and Required Products for macOS Hub Catalog.

  • CMSVC-16621: Optimize Assign/Unassign Tag Device APIs to remove unnecessary Device List DB call.

  • RUGG-11520: Limit page size for custom attribute search API.

  • FCA-204004: Event Data modal was not getting loaded for device and console events.

  • RUGG-11581: Editing Launcher layout by deleting rows leads to the Launcher being unable to launch when the “Add Row for Pinned Apps” is enabled.

  • INTEL-43347: Display Last Checked Out Username in Workspace ONE UEM Devices data in Intelligence.

  • AAPP-15010: Devices enrolled with the Default Staging account do not prompt for login. Device Staging was disabled in the database.

  • AMST-37542: Device compliance status for baselines was switching from compliant to non-compliant mode.

  • AGGL-12098: Request to increase the maximum character limit for fields in the Chrome Browser settings profile.

  • FCA-204272: Custom device activation template was not sent sent to the devices that were enrolled through SSP.

  • AAPP-15027: Certain VPP Apps are stuck in Pending Check.

  • CMCM-190220: Duplicate key error occurs when content map data has >1 status.

  • UM-7697: Assignments based on user group do not update name when name of user group is changed.

  • UM-7697: AirWatch Purge expired Sample Data SQL job was failing.

  • AGGL-12919: Android build version field was blank while exporting CSV/XLSX with custom layout.

  • PRFL-18: Adding excluded smart group in the profile payload causes the page to crash if the same smart group was already added to the included smart group.

  • AMST-37551: Adding a new version for win app failed in certain scenarios (EAR or change icon). Patch Resolved Issues

  • AMST-38045: Dropship Online Self Service not working on multiple shared SaaS environments.

  • CMCM-190304: Date and time format is not localized under edit content repository template page.

  • AAPP-15235: Device details information must be fetched and displayed.

  • AMST-38009: Unable to modify and save the install command for Windows app.

  • FS-2528: Unable to add more than 20 resources for Windows devices.

  • PPAT-12973: STR with multiple port ranges are separated into multiple lines.

  • CMEM-186750: MEM RunCompliance pushing the managed devices into the blocked state when MEM Compliance is enabled.

Known Issues

  • AAPP-15138: Installation count has not updated for Apple Books.

     When deploying books to Apple devices, book status incorrectly displays as "uninstalled" despite the book being installed and available to the end user. This is a cosmetic issue and does not prevent the ability to deploy books.

    There is no current workaround for this issue.

  • AMST-37856: Device details page wrongly shows compromised status as "Not Compromised" where it should be "Unknown".

    The compromised Status of the windows Device is derived from the sample (HAS and windows security sample). When Device has not reported the sample, the compromised Status should be unknown but currently shows as "Not Compromised".

    There is no current workaround for this issue.

Support Contact Information

To receive support, access VMware Customer Connect. To learn more about the support policies, see Support Policies. For information about filing a Support Request in Customer Connect and using Cloud Services Portal, see the VMware knowledge base article at here.


To learn more about Workspace ONE UEM you can browse the following documentaion link

check-circle-line exclamation-circle-line close-line
Scroll to top icon