VMware Workspace ONE UEM Release Notes provide information on the new features and improvements in each release. This page includes a summary of the new features in 2302, issues resolved, and known issues.

When can I expect the latest version?

We strive to deliver high-quality products, and to ensure quality and seamless transitions, we roll out our products in phases. Each rollout may take up to four weeks to accomplish and is delivered in the following phases:

  • Phase 1: Demo, Shared SaaS UATs, and Latest Mode UATs

  • Phase 2: Shared SaaS environments

  • Phase 3: Latest Mode environments

This version is initialy available to our SaaS customers on the Latest mode. The features and improvements incorporated in this version will be available to our on-premises or managed hosted customers with the next on-premises release. For more information, see the KB article. Workspace ONE UEM for 2302 release will also be an on-premises release.

Getting Ready for Major OS Releases

Interested in learning about the latest major OS updates and their resulting implications on Workspace ONE? See the Getting Ready for Major OS Releases section in VMware Workspace ONE UEM Console Documentation for more information.

What's New


  • We’ve improved our Device Profile Search to check against more qualifiers.

    We have enhanced the search while creating Android and tvOS device profiles. Your searches are now applied to setting descriptions, tooltips, payload subcategory labels, and platform qualifiers, which appear in bubbles to the right of the settings, in addition to the name of the setting. For more information, see Add a General Profile.

  • Introducing new APIs for performing bulk actions on Enrollment tokens.

    We've now added new APIs for retrieving, deleting, and revoking Enrollment tokens in bulk. To identify the Enrollment token, these APIs use the enrollment-token uuid as the key. We have limited the update to 500 tokens per call to maintain efficiency. When the number of tokens exceeds the limit, the API rejects all bulk updates and returns an error. Following are the APIs:

    • Use DELETE (api/mdm/enrollment-tokens) for bulk delete.

    • Use PUT (api/mdm/enrollment-tokens?action=REVOKE) for bulk revoke.

    • Use POST (api/mdm/enrollment-tokens) to retrieve tokens in bulk.

    For more information on these APIs, refer the API help page.

  • Mandatory Smart Group Migration to Customer OGs

    If you have smart groups created in global or any organization group  that lacks a parent OG of a customer type, you must follow the smart group migration procedure. The procedure is fully customer directed but it is not optional. For more information about the smart group migration, see Migrating Smart Groups.


  • You can now control the installation of apps from your personal Google Play Store on your COPE devices.

    The Application Control profile now includes a new setting, Application Control on COPE, that lets you apply the settings to the device's Work or Personal profiles. For more information, see How to Configure Android Profiles.

Chrome OS

  • You can now manage ChromeOS devices for both Enterprise and Education domains using Chrome Management v2 (Chrome Policy API).

    Enterprise and Education Chrome OS devices are now managed using Chrome Policy API, which is the 2nd generation of the cloud-based device management solution for Chrome OS. This will be the default management method for Chrome OS devices. For more information, see Using Chrome OS Devices with Chrome Policy API.


  • We now support on-demand workflow deployment options for macOS devices.

    You can now configure deployment options for individual macOS workflows. In the workflow Admin Panel, after you enter the Platform and select a smart group for your workflow, you can select the deployment options for your workflow.  For more information, see Configure On-Demand Workflow Deployment Options topic.

  • We're adding new functionality to support copying, exporting, and importing workflows.

    You can now easily import and export workflows, copy workflows within the same OG, and duplicate a workflow into another OG. This feature allows you to replicate and repurpose workflows for different personas, use cases, or geographies without the need for manual work or side-by-side comparisons, reducing potential errors. Additionally, it is now simple to import test workflows from UAT into production after exporting them in bulk from UAT.


  • Standard Device profiles no longer need an active user session.

    Workspace ONE now supports deploying resources and commands with no active user session. These resources are consumed by the device as long as the device is powered on and connected to a network. To view the inventory of profile and console commands that can be used without an active user session, see Workspace ONE UEM Profiles for Windows.

  • Defer installation of Native Workspace ONE UEM Application.

    You can now enable application installation deferral that is natively built into Workspace ONE UEM. To use this native deferral capability, select UEM from the Use UEM or Custom Notifications settings to allow the user to postpone the application installation until a time that is convenient for the user.

  • We have made some updates to what happens after enrollment of Azure AD UPNs.

    There were occasional re-syncing issues with the Azure AD UPNs post enrollment. This has been resolved and is now working as designed.

  • We've added new Windows Updates Profile features along with a Windows Updates (Legacy) Profile page.

    New features to the Windows Updates Profile now offer the ability to have use case driven setting selections that are fully supported on Windows 10 20H2 and above. The enhancements include:

    • Windows Updates Profile page - Explains the new supported settings and configuration.

    • Windows Updates (Legacy) Profile Page- It is for Windows Desktop devices using Windows 10, 1909 or previous. A button to migrate can be found here.

    • A Migration Button- Provides easy profile migration by automatically updating your  old settings to the new supported ones.

    • Pause & Rollback Buttons- After migration if you find issues with some drivers or third-party software you can now Pause and/or Rollback both feature and quality updates to resolve any issues.

    For more information, see:  Windows Updates Profile & Windows Updates (Legacy) Profile pages.


  • View queued product components on relay server.

    Similar to viewing remote files on the relay server, you can now view product components in the queue on a relay server. For more information, see Relay Servers.

Before You Begin

The Workspace ONE Unified Endpoint Management (UEM) console supports the latest stable builds of the following web browsers.

  • Chrome

  • Firefox

  • Safari

  • Microsoft Edge

Comprehensive platform testing has been performed to ensure functionality using these web browsers. If you run the UEM console with an older version browser or on a non-certified browser, you can experience minor issues.

Resolved Issues

2302 Resolved Issues

  • AAPP-15465: Workspace One UEM unable to launch device list or assignment tab.

  • AGGL-13656: UEM Console shows incorrect setting for "Allow PIN at Startup" if the record is not present on DB.

  • ARES-24838: App ready progress 0%.

  • AMST-38401: Request that users be able to upload image into Lockscreen Overlay in the Samsung Knox Passcode payload.

  • ARES-24538: Unable to create an application on the console using powershell script in on premise environment.

  • CRSVC-35335: Blank report being exported when we are using Module filter.

  • CRSVC-35012: DEP device once reset and reenrolled is not generating new certificate but still using the revoked cert on the device.

  • CRSVC-35864: Compliance Status 'Unknown' in Device List View.

  • ENRL-3684: UDID retained post unenrollment/delete the device entry from UEM.

  • MACOS-3626: Existing profile configuration values are not retained in the console UI after DDUI enablement.

  • INTEL-45450: Intelligence - DN (distinguished Name) change in AD/UEM (Active Directory) not reflecting in Intelligence.

  • AAPP-14996: iOS Device Updates details shows inconsistent data in the Devices grid.

  • AAPP-15375: Internal iOS App details display incorrect BundleID.

  • ARES-24653: Unable to delete retired app.

  • AAPP-14645: On a shared iOS device when a new VPP app is assigned, the existing apps gets hidden.

  • ARES-24638: Terms Of Use List view inaccessible and Terms Of Use Reporting was showing inconsistent results.

  • ARES-24657: Android app publish failed with duplicate key violation.

  • AMST-38305: Computer name field missing for Windows devices.

  • ARES-24671: Unable to view or edit Credential Profile in Workspace ONE UEM.

  • AAPP-15253: Unable to modify industry templates.

  • AAPP-15032: tvOS profiles using DDUI, falsely report invalid certificate typing, while attempting to upload a valid certificate.

  • AAPP-15335: User-enrolled iPad devices are not showing device model details on the Device friendly name and under Device Model.

  • AGGL-13603: Migration remains active on the database and is not displayed on the console.

  • AAPP-15360: After Workspace ONE UEM upgrade from 22.06 to 22.09, VPP Assignment is not working as expected.

  • AGGL-13579: Unable to view XML or install Android profile containing both VPN and Credentials payloads.

  • AGGL-13486: Display model of Samsung devices shows as "S" instead of the corresponding models.

  • AGGL-13598: Apps not installing apps on share devices.

  • AGGL-13645: Microsoft Surface Duo (Android) enrollment was blocked.

  • AMST-37445: Workspace One Catalog was not displaying Custom Category when added to Windows Script.

  • AMST-37867: When Windows proxy profile was modified to disable Setup Script, the Pac details were not getting removed from the device.

  • AMST-37889: Location option was missing in Bulk management for Windows devices.

  • AMST-37893: Unable to modify and save the install command for the Windows app.

  • AMST-37985: Not showing device as enrolled and not receiving apps or profiles.

  • AMST-37990: Dropship Online Self Service not working on Multiple Shared SaaS environment.

  • AMST-38260: Double-byte character part of default association configuration file path in Baseline setting is garbled.

  • AMST-38179: PPKG Generation Process on 2302 is writing wrong Console version to PPKG causing process to fail.

  • ARES-24049: User-context cert profile installed through Workflow not saving UserId in CDD.

  • ARES-24130: Specific API calls are not logged to the Console Event log.

  • ARES-24216: Unable to see any installed apps in Apps section in the Workspace ONE UEM console.

  • ARES-24419: Unable to renew provisioning profile for internal iOS apps.

  • ARES-24413: Every time we try to do application 'install' through the device app tab we get crashed rocket.

  • ARES-24459: Public app uninstall API is not working for systems apps.

  • ARES-24491: Install enterprise application failures for macOS.

  • ARES-24474: Enterprise Application Repository is no longer able to add iTunes application.

  • CMSVC-16690: Unable to load Assignment groups list view and unable to load assignment groups in app assignments.

  • CMSVC-16682: Inconsistent in naming Smart Group.

  • CRSVC-28862: Overview page shows incorrect data for Devices without Required Apps.

  • CRSVC-33742: Random slowness observed in API Explorer.

  • CRSVC-34334: Compliance policy not being evaluated for roaming cell data usage.

  • CRSVC-34343: The certificate along with the private key is not stored on the Windows rugged device.

  • ENRL-3682: We are able to enroll any random iOS device even if they are not registered when the Device Enrollment mode is set to Registered devices.

  • FCA-204859: General search returns ASCII value for apostrophe in the device friendly name.

  • FCA-204484: Incorrect alignment of app assignment columns.

  • FCA-204487: Unable to Add Admin AD Accounts from Child Domain.

  • FCA-204556: General search returns ASCII value for apostrophe in the device friendly name.

  • FCA-204565: Device Asset Number gets removed when original OG where device was enrolled is deleted.

  • FCA-204677: Unable to search and add directory accounts in the Workspace ONE UEM version 2210.

  • FCA-204882: Email validation issue while creating a new admin account, if root domain is more than 3 character.

  • FCA-204699: Username does not change according to the Network Range assignment.

  • FCA-204721: The Workspace ONE UEM Console always prompts for Optin for admins accessing intelligence from UEM.

  • FS-759: Freestyle Orchestrator workflow identifier version was showing up in string format it should be friendly version identifier.

  • FS-2675: Conditions are not evaluated in macOS Freestyle.

  • INTEL-45032: Customer reporting device hostname is incorrect and inconsistent in Intelligence platform.

  • FS-2333: Unable to add more than 20 resources for Windows devices.

  • MACOS-3510: Seed model information for macOS devices.

  • MACOS-3515: Rocket space man error occurred, when tried to access the Security tab for macOS device.

  • MACOS-3516: Issue with “Set Device Name to Friendly Name” feature on DEP enrolled macOS devices.

  • MACOS-3573: Device Friendly Name for new enrollments was not visible.

  • MACOS-3563: All profiles are being re-pushed to devices.

  • MACOS-3591: Spaceman error occured when loading Accounts > Users > List view.

  • PPAT-12729: DTR updates were not consistently consumed by Windows devices.

  • PPAT-13428: iOS VPN profiles have the incorrect DTR rule set applied for devices.

  • PPAT-12943: The Workspace ONE UEM console displays incorrect certificate template when switching OGs on Tunnel Configuration page.

  • RUGG-11675: Product Provisioning issues after Workspace ONE UEM and UAG upgrade.

  • RUGG-11685: Loading screen takes more than 1 hour when you click Send button on the Device list page selecting all iOS devices.

  • RUGG-11682: Customer’s Dedicated SaaS environment becomes unresponsive intermittently.

  • RUGG-11736: The MaintainCondition post API call fails with Oauth.

  • RUGG-11763: Unable to save when trying to create a delete file Manifest in File or Actions with an Absolute Path on the console.

  • RUGG-11687: Unable to search for Custom Attributes Assignment Rules from second page onwards.

  • RUGG-11733: The MaintainCondition API call failed.

  • SINST-176015: Powershell integration was not working with Modern Auth enabled.

  • UM-7866: IDOR Exposes All Users Across Tenants through User Groups Functionality.

  • INTEL-47389: Windows devices unenrolled- 'Unenrolled', native client requested to unenroll the device"

  • INTEL-47223: VPP application assignments are not sent to intelligence.

  • FCA-204884: Bulk device delete fails on 2210 version of UEM.

  • FCA-204866: Device Search API is not returning WiFi SSID in the response.

  • FCA-204915: Device preview on DLV grid showing incorrect device records.

  • FCA-204899: Admin is not able to change Security PIN for first attempt in the UEM console. Patch Resolved Issues

  • CRSVC-36795: High CPU utilization post upgrade to 23.02. Patch Resolved Issues

  • AMST-38777: Windows marked as compromised after UEM upgrade to 2302.

  • AGGL-14138: [i18n] String "Recreate Profiles" is not loading and show not globalized in New Migration page.

  • FS-3045: Multiple clicks on save/ assign button creates multiple Time Windows.

  • AMST-38677: Windows DM Session table not being updated.

  • ARES-24875: Unable to save SDK Settings after editing 'Allowed Sites' under Integrated Authentication.

  • ARES-25141: AirWatch Database Purge expired Sample Data SQL job is failing.

  • ENRL-3737:Enrollment restrictions not being honored for iPad devices.

  • CMCM-190414: enterpriseContent.LoadManagedContent_ByDeviceID_V3 SP timing out on CN504.

  • AAPP-15714: Issues with homescreen payload.

  • ARES-25032: Getting error message on UI upon saved the application assignment.

  • CRSVC-36194: Failed to retrieve bearer token to revoke the refresh token for Office365 apps. Patch Resolved Issues

  • AAPP-15775: Fixed data mismatch between canonical and device state.

  • FCA-204855: Upgrade node and pact verifier package on 2302.

  • AAPP-15771: APNsOutbound messages throttled and shows failure code: Unknown.

  • UM-7971: Unable to modify existing admin groups in UEM.

  • AGGL-14335: Android apps not displaying in Hub catalog due to missing Google EMM registration.

  • FCA-205253: Custom Admin Roles unable to load API pages after upgrade to 2212.

  • FCA-205184: Bento incorrectly redirects Workspace ONE Intelligence.

  • CMEM-186848: Sync Mailbox is failing due to unmapped device records.

  • CMSVC-16952: Unable to load Assignment and Organization groups list view and unable to load assignment groups in app assignments.

  • FS-3142 : Editing imported workflow crashes console if replacing missing app.

  • ARES-25170: Improve and optimize Entity Reconcile Service to reconcile devices in batches. Patch Resolved Issues

  • AGGL-14521: Unable to edit existing Android Enterprise DDUI profiles.

  • AMST-38795: [Patch Mgmt] Update supported range for Configuration Deadline configs.

  • CMSVC-16975: Unable to load Assignment groups list view page and unable to load assignment groups in app assignments.

  • AMST-38807: Sample Save SPROC causing deadlocks.

  • AMST-38810: Stop SOAP API if Query Optimization query is turned on.

  • FCA-205270: "Trouble logging in" page for admin account shows error message if username includes special characters.

  • UM-7889: Manual LDAP attribute sync fails with an error.

  • AMST-38740: Seed HUB to UEM console.

  • ARES-25355: Add support to read data for a field from multiple payload storage.

  • MACOS-3768: macOS DDUI - Unable to select SCEP certificate in Network payload. Patch Resolved Issues

  • CRSVC-37277: Changes for correcting workflow type in 2302.

  • CRSVC-37254: Hub UI fails to display privacy details for Device Management.

  • AGGL-14554: Remove unwanted calls that are made to play.google.com when user saves a new app or edits the application assignment.

  • CMSVC-16970: Intelligence Automation is not working as expected. 

Known Issues

  • LUEM-534: Device details - Certificate tab shows Certificate status as Pending Install

    After successfully installing Certificates for Linux devices using profiles, the Certificate status in the UEM console remains as Pending Install or Unknown. However the certificates are getting deployed successfully to the devices.

    Updating the certificate status based on sampling is affected but existence of the certificate entry in the device details can be considered as the successful deployment of the certificates on device.

  • FS-2637: Editing and saving imported or duplicated workflow using the Details page causes a crash.

    Customers who use the duplicate or import feature for Freestyle workflows are noticing that saving edits is causing the console to crash, if navigating to the editor using the workflow details page.

    You should use the list view instead. Select the checkbox of the workflow you’d like to edit, then click the edit button. From here, the editor should work properly and you can save changes without the console crashing. If you accidentally enter the editor from the workflow details page and save, which causes console to crash, use shift+ctrl+r or clear the browser cache. You will be able to access the workflow again.

  • FS-3030: Editing imported workflow crashes console if replacing missing app.

     For some imported workflows, the UEM console crashes if clicking into a missing app step.

    Admin should just delete the step if this happens and replicate it by adding a new step.

  • ENRL-3687: Even when device has upgraded its OS, on UEM it still shows the old value.

    When the OS version that the device upgraded to is not seeded in the UEM database, the issue arises. As a result, the OS version in the DB is not updated by the beacon flow.

    There is no workaround for this issue.

  • UM-7887: Manual LDAP attribute sync fails with an error

    If the customer has managed iOS devices enrolled and have UserManagementDeviceStateIntegrationFeatureFlag enabled then manual attribute sync fails.

    There is no workaround for this issue.

Support Contact Information

To receive support, access VMware Customer Connect. To learn more about the support policies, see Support Policies. For information about filing a Support Request in Customer Connect and using Cloud Services Portal, see the VMware knowledge base article at here.


To learn more about Workspace ONE UEM, you can browse VMware Workspace ONE UEM Console Documentation.

check-circle-line exclamation-circle-line close-line
Scroll to top icon