VMware Workspace ONE UEM Release Notes provide information on the new features and improvements in each release. This page includes a summary of the new features in 2302, issues resolved, and known issues.

When can I expect the latest version?

We strive to deliver high-quality products, and to ensure quality and seamless transitions, we roll out our products in phases. Each rollout may take up to four weeks to accomplish and is delivered in the following phases:

  • Phase 1: Demo, Shared SaaS UATs, and Latest Mode UATs

  • Phase 2: Shared SaaS environments

  • Phase 3: Latest Mode environments

This version is initialy available to our SaaS customers on the Latest mode. The features and improvements incorporated in this version will be available to our on-premises or managed hosted customers with the next on-premises release. For more information, see the KB article. Workspace ONE UEM for 2302 release will also be an on-premises release.

Getting Ready for Major OS Releases

Interested in learning about the latest major OS updates and their resulting implications on Workspace ONE? See the Getting Ready for Major OS Releases section in VMware Workspace ONE UEM Console Documentation for more information.

What's New


  • We’ve improved our Device Profile Search to check against more qualifiers.

    We have enhanced the search while creating Android and tvOS device profiles. Your searches are now applied to setting descriptions, tooltips, payload subcategory labels, and platform qualifiers, which appear in bubbles to the right of the settings, in addition to the name of the setting. For more information, see Add a General Profile.

  • Introducing new APIs for performing bulk actions on Enrollment tokens.

    We've now added new APIs for retrieving, deleting, and revoking Enrollment tokens in bulk. To identify the Enrollment token, these APIs use the enrollment-token uuid as the key. We have limited the update to 500 tokens per call to maintain efficiency. When the number of tokens exceeds the limit, the API rejects all bulk updates and returns an error. Following are the APIs:

    • Use DELETE (api/mdm/enrollment-tokens) for bulk delete.

    • Use PUT (api/mdm/enrollment-tokens?action=REVOKE) for bulk revoke.

    • Use POST (api/mdm/enrollment-tokens) to retrieve tokens in bulk.

    For more information on these APIs, refer the API help page.

  • Mandatory Smart Group Migration to Customer OGs

    If you have smart groups created in global or any organization group  that lacks a parent OG of a customer type, you must follow the smart group migration procedure. The procedure is fully customer directed but it is not optional. For more information about the smart group migration, see Migrating Smart Groups.


  • You can now control the installation of apps from your personal Google Play Store on your COPE devices.

    The Application Control profile now includes a new setting, Application Control on COPE, that lets you apply the settings to the device's Work or Personal profiles. For more information, see How to Configure Android Profiles.

Chrome OS

  • You can now manage ChromeOS devices for both Enterprise and Education domains using Chrome Management v2 (Chrome Policy API).

    Enterprise and Education Chrome OS devices are now managed using Chrome Policy API, which is the 2nd generation of the cloud-based device management solution for Chrome OS. This will be the default management method for Chrome OS devices. For more information, see Using Chrome OS Devices with Chrome Policy API.


  • We now support on-demand workflow deployment options for macOS devices.

    You can now configure deployment options for individual macOS workflows. In the workflow Admin Panel, after you enter the Platform and select a smart group for your workflow, you can select the deployment options for your workflow.  For more information, see Configure On-Demand Workflow Deployment Options topic.

  • We're adding new functionality to support copying, exporting, and importing workflows.

    You can now easily import and export workflows, copy workflows within the same OG, and duplicate a workflow into another OG. This feature allows you to replicate and repurpose workflows for different personas, use cases, or geographies without the need for manual work or side-by-side comparisons, reducing potential errors. Additionally, it is now simple to import test workflows from UAT into production after exporting them in bulk from UAT.


  • Standard Device profiles no longer need an active user session.

    Workspace ONE now supports deploying resources and commands with no active user session. These resources are consumed by the device as long as the device is powered on and connected to a network. To view the inventory of profile and console commands that can be used without an active user session, see Workspace ONE UEM Profiles for Windows.

  • Defer installation of Native Workspace ONE UEM Application.

    You can now enable application installation deferral that is natively built into Workspace ONE UEM. To use this native deferral capability, select UEM from the Use UEM or Custom Notifications settings to allow the user to postpone the application installation until a time that is convenient for the user.

  • We have made some updates to what happens after enrollment of Azure AD UPNs.

    There were occasional re-syncing issues with the Azure AD UPNs post enrollment. This has been resolved and is now working as designed.

  • We've added new Windows Updates Profile features along with a Windows Updates (Legacy) Profile page.

    New features to the Windows Updates Profile now offer the ability to have use case driven setting selections that are fully supported on Windows 10 20H2 and above. The enhancements include:

    • Windows Updates Profile page - Explains the new supported settings and configuration.

    • Windows Updates (Legacy) Profile Page- It is for Windows Desktop devices using Windows 10, 1909 or previous. A button to migrate can be found here.

    • A Migration Button- Provides easy profile migration by automatically updating your  old settings to the new supported ones.

    • Pause & Rollback Buttons- After migration if you find issues with some drivers or third-party software you can now Pause and/or Rollback both feature and quality updates to resolve any issues.

    For more information, see:  Windows Updates Profile & Windows Updates (Legacy) Profile pages.


  • View queued product components on relay server.

    Similar to viewing remote files on the relay server, you can now view product components in the queue on a relay server. For more information, see Relay Servers.

Before You Begin

The Workspace ONE Unified Endpoint Management (UEM) console supports the latest stable builds of the following web browsers.

  • Chrome

  • Firefox

  • Safari

  • Microsoft Edge

Comprehensive platform testing has been performed to ensure functionality using these web browsers. If you run the UEM console with an older version browser or on a non-certified browser, you can experience minor issues.

Resolved Issues

2302 Resolved Issues

  • AAPP-13562: Handling Externally redeemed licenses for VPP apps.

  • AAPP-15465: Workspace One UEM unable to launch device list or assignment tab.

  • AGGL-13656: UEM Console shows incorrect setting for "Allow PIN at Startup" if the record is not present on DB.

  • ARES-24838: App ready progress 0%.

  • AMST-38401: Request that users be able to upload image into Lockscreen Overlay in the Samsung Knox Passcode payload.

  • ARES-24538: Unable to create an application on the console using powershell script in on premise environment.

  • CRSVC-35335: Blank report being exported when we are using Module filter.

  • CRSVC-35012: DEP device once reset and reenrolled is not generating new certificate but still using the revoked cert on the device.

  • CRSVC-35864: Compliance Status 'Unknown' in Device List View.

  • ENRL-3684: UDID retained post unenrollment/delete the device entry from UEM.

  • MACOS-3626: Existing profile configuration values are not retained in the console UI after DDUI enablement.

  • INTEL-45450: Intelligence - DN (distinguished Name) change in AD/UEM (Active Directory) not reflecting in Intelligence.

  • AAPP-14996: iOS Device Updates details shows inconsistent data in the Devices grid.

  • AAPP-15375: Internal iOS App details display incorrect BundleID.

  • ARES-24653: Unable to delete retired app.

  • AAPP-14645: On a shared iOS device when a new VPP app is assigned, the existing apps gets hidden.

  • ARES-24638: Terms Of Use List view inaccessible and Terms Of Use Reporting was showing inconsistent results.

  • ARES-24657: Android app publish failed with duplicate key violation.

  • AMST-38305: Computer name field missing for Windows devices.

  • ARES-24671: Unable to view or edit Credential Profile in Workspace ONE UEM.

  • AAPP-15253: Unable to modify industry templates.

  • AAPP-15032: tvOS profiles using DDUI, falsely report invalid certificate typing, while attempting to upload a valid certificate.

  • AAPP-15335: User-enrolled iPad devices are not showing device model details on the Device friendly name and under Device Model.

  • AGGL-13603: Migration remains active on the database and is not displayed on the console.

  • AAPP-15360: After Workspace ONE UEM upgrade from 22.06 to 22.09, VPP Assignment is not working as expected.

  • AGGL-13579: Unable to view XML or install Android profile containing both VPN and Credentials payloads.

  • AGGL-13486: Display model of Samsung devices shows as "S" instead of the corresponding models.

  • AGGL-13598: Apps not installing apps on share devices.

  • AGGL-13645: Microsoft Surface Duo (Android) enrollment was blocked.

  • AMST-37445: Workspace One Catalog was not displaying Custom Category when added to Windows Script.

  • AMST-37867: When Windows proxy profile was modified to disable Setup Script, the Pac details were not getting removed from the device.

  • AMST-37889: Location option was missing in Bulk management for Windows devices.

  • AMST-37893: Unable to modify and save the install command for the Windows app.

  • AMST-37985: Not showing device as enrolled and not receiving apps or profiles.

  • AMST-37990: Dropship Online Self Service not working on Multiple Shared SaaS environment.

  • AMST-38260: Double-byte character part of default association configuration file path in Baseline setting is garbled.

  • AMST-38179: PPKG Generation Process on 2302 is writing wrong Console version to PPKG causing process to fail.

  • ARES-24049: User-context cert profile installed through Workflow not saving UserId in CDD.

  • ARES-24130: Specific API calls are not logged to the Console Event log.

  • ARES-24216: Unable to see any installed apps in Apps section in the Workspace ONE UEM console.

  • ARES-24419: Unable to renew provisioning profile for internal iOS apps.

  • ARES-24413: Every time we try to do application 'install' through the device app tab we get crashed rocket.

  • ARES-24459: Public app uninstall API is not working for systems apps.

  • ARES-24491: Install enterprise application failures for macOS.

  • ARES-24474: Enterprise Application Repository is no longer able to add iTunes application.

  • CMSVC-16690: Unable to load Assignment groups list view and unable to load assignment groups in app assignments.

  • CMSVC-16682: Inconsistent in naming Smart Group.

  • CRSVC-28862: Overview page shows incorrect data for Devices without Required Apps.

  • CRSVC-33742: Random slowness observed in API Explorer.

  • CRSVC-34334: Compliance policy not being evaluated for roaming cell data usage.

  • CRSVC-34343: The certificate along with the private key is not stored on the Windows rugged device.

  • ENRL-3682: We are able to enroll any random iOS device even if they are not registered when the Device Enrollment mode is set to Registered devices.

  • FCA-204859: General search returns ASCII value for apostrophe in the device friendly name.

  • FCA-204484: Incorrect alignment of app assignment columns.

  • FCA-204487: Unable to Add Admin AD Accounts from Child Domain.

  • FCA-204556: General search returns ASCII value for apostrophe in the device friendly name.

  • FCA-204565: Device Asset Number gets removed when original OG where device was enrolled is deleted.

  • FCA-204677: Unable to search and add directory accounts in the Workspace ONE UEM version 2210.

  • FCA-204882: Email validation issue while creating a new admin account, if root domain is more than 3 character.

  • FCA-204699: Username does not change according to the Network Range assignment.

  • FCA-204721: The Workspace ONE UEM Console always prompts for Optin for admins accessing intelligence from UEM.

  • FS-759: Freestyle Orchestrator workflow identifier version was showing up in string format it should be friendly version identifier.

  • FS-2675: Conditions are not evaluated in macOS Freestyle.

  • INTEL-45032: Customer reporting device hostname is incorrect and inconsistent in Intelligence platform.

  • FS-2333: Unable to add more than 20 resources for Windows devices.

  • MACOS-3510: Seed model information for macOS devices.

  • MACOS-3515: Rocket space man error occurred, when tried to access the Security tab for macOS device.

  • MACOS-3516: Issue with “Set Device Name to Friendly Name” feature on DEP enrolled macOS devices.

  • MACOS-3573: Device Friendly Name for new enrollments was not visible.

  • MACOS-3563: All profiles are being re-pushed to devices.

  • MACOS-3591: Spaceman error occured when loading Accounts > Users > List view.

  • PPAT-12729: DTR updates were not consistently consumed by Windows devices.

  • PPAT-13428: iOS VPN profiles have the incorrect DTR rule set applied for devices.

  • PPAT-12943: The Workspace ONE UEM console displays incorrect certificate template when switching OGs on Tunnel Configuration page.

  • RUGG-11675: Product Provisioning issues after Workspace ONE UEM and UAG upgrade.

  • RUGG-11685: Loading screen takes more than 1 hour when you click Send button on the Device list page selecting all iOS devices.

  • RUGG-11682: Customer’s Dedicated SaaS environment becomes unresponsive intermittently.

  • RUGG-11736: The MaintainCondition post API call fails with Oauth.

  • RUGG-11763: Unable to save when trying to create a delete file Manifest in File or Actions with an Absolute Path on the console.

  • RUGG-11687: Unable to search for Custom Attributes Assignment Rules from second page onwards.

  • RUGG-11733: The MaintainCondition API call failed.

  • SINST-176015: Powershell integration was not working with Modern Auth enabled.

  • UM-7866: IDOR Exposes All Users Across Tenants through User Groups Functionality.

  • INTEL-47389: Windows devices unenrolled- 'Unenrolled', native client requested to unenroll the device"

  • INTEL-47223: VPP application assignments are not sent to intelligence.

  • FCA-204884: Bulk device delete fails on 2210 version of UEM.

  • FCA-204866: Device Search API is not returning WiFi SSID in the response.

  • FCA-204915: Device preview on DLV grid showing incorrect device records.

  • FCA-204899: Admin is not able to change Security PIN for first attempt in the UEM console.

Patch Resolved Issues

  • CRSVC-36795: High CPU utilization post upgrade to 23.02.

  • AMST-38777: Windows marked as compromised after UEM upgrade to 2302.

  • AGGL-14138: [i18n] String "Recreate Profiles" is not loading and show not globalized in New Migration page.

  • FS-3045: Multiple clicks on save/ assign button creates multiple Time Windows.

  • AMST-38677: Windows DM Session table not being updated.

  • ARES-24875: Unable to save SDK Settings after editing 'Allowed Sites' under Integrated Authentication.

  • ARES-25141: AirWatch Database Purge expired Sample Data SQL job is failing.

  • ENRL-3737:Enrollment restrictions not being honored for iPad devices.

  • CMCM-190414: enterpriseContent.LoadManagedContent_ByDeviceID_V3 SP timing out on CN504.

  • AAPP-15714: Issues with homescreen payload.

  • ARES-25032: Getting error message on UI upon saved the application assignment.

  • CRSVC-36194: Failed to retrieve bearer token to revoke the refresh token for Office365 apps.

  • AAPP-15775: Fixed data mismatch between canonical and device state.

  • FCA-204855: Upgrade node and pact verifier package on 2302.

  • AAPP-15771: APNsOutbound messages throttled and shows failure code: Unknown.

  • UM-7971: Unable to modify existing admin groups in UEM.

  • AGGL-14335: Android apps not displaying in Hub catalog due to missing Google EMM registration.

  • FCA-205253: Custom Admin Roles unable to load API pages after upgrade to 2212.

  • FCA-205184: Bento incorrectly redirects Workspace ONE Intelligence.

  • CMEM-186848: Sync Mailbox is failing due to unmapped device records.

  • CMSVC-16952: Unable to load Assignment and Organization groups list view and unable to load assignment groups in app assignments.

  • FS-3142 : Editing imported workflow crashes console if replacing missing app.

  • ARES-25170: Improve and optimize Entity Reconcile Service to reconcile devices in batches.

  • AAPP-15866: Rapid Security Response support - Phase 1

  • AGGL-14521: Unable to edit existing Android Enterprise DDUI profiles.

  • AMST-38795: [Patch Mgmt] Update supported range for Configuration Deadline configs.

  • CMSVC-16975: Unable to load Assignment groups list view page and unable to load assignment groups in app assignments.

  • AMST-38807: Sample Save SPROC causing deadlocks.

  • AMST-38810: Stop SOAP API if Query Optimization query is turned on.

  • FCA-205270: "Trouble logging in" page for admin account shows error message if username includes special characters.

  • UM-7889: Manual LDAP attribute sync fails with an error.

  • AMST-38740: Seed HUB to UEM console.

  • ARES-25355: Add support to read data for a field from multiple payload storage.

  • MACOS-3768: macOS DDUI - Unable to select SCEP certificate in Network payload.

  • CRSVC-37277: Changes for correcting workflow type in 2302.

  • CRSVC-37254: Hub UI fails to display privacy details for Device Management.

  • AGGL-14554: Remove unwanted calls that are made to play.google.com when user saves a new app or edits the application assignment.

  • CMSVC-16970: Intelligence Automation is not working as expected.

  • AMST-38847 Reduce traffic of empty sample for winRT devices.

  • CRSVC-37428: Certificates are not getting deployed to the devices.

  • PPAT-14138 : Tunnel Configuration Page does not load after migration to AWS CloudFront.

  • PPAT-14380: MFA Flag is not set to true in the tunnel allowlist table for Windows.

  • AAPP-15942: Device Sync should not queue Remove Provisioning Profile Command if PP is shared by other assigned apps.

  • AAPP-15907: iOS DDUI SSO extension profile (credential shown for generic type) xml does not contain additional settings fields.

  • CRSVC-37351: Interrogator service unable to save Certificate samples.

  • CRSVC-37372: While creating new Compliance policy under view Device Assignment page pressing enter is saving the compliance policy.

  • AMST-38884: MacOS DDUI Network profile not saving PayloadCertificateAnchorUUID issue.

  • CRSVC-37379: Certificate Import method taking time under load.

  • AAPP-15904: Wi-Fi DDUI payload is crashing on closing the third tab.

  • ARES-25414: Unintended consequences of enabling SAML Authentication for Self Service Portal on Legacy Application Catalog.

  • FCA-205323: Missing Management Mode tab and no activation email for adding email domain.

  • FCA-205349: Improve session timeout experience.

  • ARES-25410: App Config missing for Epic Rover after re-publishing the app.

  • AAPP-15907: iOS DDUI SSO extension profile (credential shown for generic type) XML does not contain additional settings fields.

  • AAPP-15973: iOS compromised status compliance policy does not complete evaluation.

  • AMST-38943: WNS Notifications - Commands are not consumed immediately.

  • CMSVC-16841: Lookout tags fail to work as expected after console upgrade.

  • CRSVC-37427: Strengthen cert-user mapping for Windows certificate-based authentication.

  • CRSVC-37682: Filters on "Console Events" completely broken on WS1 UEM console version

  • CRSVC-37673: Spaceman error occurred while accessing Device summary page of windows Rugged devices.

  • FCA-205269: Device list Export for Compromised Unknown not honored on Export.

  • AAPP-15960: iOS update filtering issues.

  • UM-8074: Enable AzureAD Graph Migration feature flag to production and Telemetry for Microsoft Graph API.

  • RUGG-12093: Update the links within Settings > System > Enterprise Integration > Pull Service Installers.

  • CRSVC-37521: Update Token Refresh Azure AD Graph API call.

  • AMST-39002: Seeding - latest SFD 23.02 build to UEM 2308, 2306 and 2302 versions

  • AGGL-14665: Android Tunnel shows 'No Managed Applications' even though the applications are present.

  • MACOS-3848: File vault rotate recovery key command was not working as expected.

  • UM-8129: Revert changes for AAD to Microsoft Graph API migration.

  • RUGG-12120: Product assignments are delayed.

  • RUGG-12161: Custom assignment rules do not apply correctly during device enrollment as the custom attribute data does not get pulled into the console as fast as product jobs gets queued up.

  • UM-8095: Fix Directory Service Assign Certificate.

  • AAPP-16039: Remove canonical read reference to Get Device User Status For VPP sproc.

  • CMEM-186865: Powershell script and UEM side changes for EXO V3 Module.

  • AMST-38980: Migration of Windows Update (Legacy) payload fails if Locale set is other than English in account settings

  • AAPP-15970: Mismatch app install status from device summary page with Apps& Books view.

  • UM-8087: Error prompted while trying to add LDAP admin group in UEM console and save.

  • ARES-25521: Handle app assignment publish failures on Astroair UI.

  • AAPP-15980: Handle invalid characters in XML while received from Apple MDM while parsing samples to avoid loss of sample data.

  • ARES-25576: Database upgrade failure due to the "Create Unique Index" error.

  • FCA-205437: Old upgrade for Workspace ONE UEM banner is present for all existing admins.

  • ENRL-3766: Fix Attribute mismatch between device state and canonical.

  • AMST-39051: Workflow Stuck in progress when including install profile.

  • AMST-38997: Seed 23.02.3 patch to Workspace ONE UEM console master.

  • CRSVC-37833: Admin details are missing while performing Delete device API call on enrolled device.

  • CRSVC-38135: Deadlocks are seen for sproc Device Compliance Status Set Concurrency ID by policy.

  • AMST-39024: Wi-Fi IP address of the Windows device is displayed as in the Network tab.

  • CMCM-190578: Revert restricted characters added to content name.

  • ARES-25572: App publish for Android failed due to duplicate key error.

  • CRSVC-38148: Admin events categories contain duplicate category names.

  • UM-8136: Unable to save DS page with Azure settings when broker is configured.

  • FCA-205568: Upload the Selenoid 1.10.12 to harbor and use the docker-compose.yaml.

  • CRSVC-38305: Data platform service was not processing messages occasionally.

  • INTEL-50184: Intelligence enrollment users were not syncing as expected.

  • AAPP-16144: APNs outbound queue being backed up on CN230.

  • AAPP-16174: iOS Activation Lock Bypass code has more than 26 characters with alphanumeric and special characters.

  • AAPP-16170: WebClip URL field is not allowing URL scheme.

  • AAPP-16246: VPP Applications are removed from the Workspace ONE UEM console upon syncing the asset and reappears with no assignments.

  • AAPP-16178: Renewed VPP stoken(ASM) does not sync the app details on the Workspace ONE UEM console.

  • AGGL-14958: Android Enterprise WiFi profile (WPA/WPA2 Enterprise) - Unable to save the Domain field.

  • ARES-25804: SDK or application crash logs were not purging.

  • UM-8188: Admin group name syncing in lowercase letters.

  • CRSVC-38146: Add compliance evaluation related events for troubleshooting.

  • ARES-25890: Deploying internal apps was stuck in “Pending Release” status.

  • CMCM-190593: Renaming folder and trying to sync is giving 404 or empty XML.

  • AGGL-14911: Custom admin role permissions for Android permissions payload.

  • ARES-25801: Blob Get Expired Device Logs stored procedure is causing low PLE on the database server.

  • AAPP-15443: Hub registered mode sample collection enhancements and fixes.

  • CRSVC-38141: Prioritize sample-based compliance evaluations.

  • AGGL-14826: Clicking "Add version" at Assignment page of an Application Control profile reverts App control profile to default settings.

  • AMST-39297: Seed 23.02.5 patch to UEM console.

  • RUGG-12243: Android device staging fails as cached sideload package is downloaded instead of new config.

  • ARES-25573: App publish not being retried due to a catch block and sync SP deadlock issue.

  • CRSVC-38596: Enable migration of invalidate refresh token flow from AAD to Microsoft Graph API.

  • SINST-176154: Updated Code signing certificate

  • SINST-176167: Fixed issues with DDUI Profile Screen.

  • SINST-176205: Update Installer to fix issues with DDUI profile screen.

  • RUGG-12358: Event Log - Incorrect Product name and Job ID for product failures in event log.

  • MACOS-4010 : Unable to setup admin account on a macOS device.

  • INTEL-51756: Update current device enrollment user delta export to include delete operation.

  • FCA-205818: Improve Device Dashboard performance for large device count.

  • FCA-205775: AirWatchSSP is terminated with Unhandled Exception.

  • FCA-205668: Horizontal scroll missing for Organization Group selector.

  • ENRL-3813: COPE devices enrollment endpoint captivates more response time.

  • CRSVC-39276: Certificate password is null.

  • CRSVC-38640: Stop throwing exception From DSM in case 404 enrollment user not found.

  • CMSVC-17272: Script to set default name of Smart Group when null.

  • CMCM-190684: Errors during blob sync/check status to CDN.

  • CMCM-190675: Adding content via API defaults to unknown "Paxar" value for customer, while the default should be N/A.

  • CMCM-190664: Workspace ONE UEM console shows spaceman error when viewing security tab for most macOS devices.

  • CMCM-190636: Managed Content not showing up on newly enrolled devices.

  • CMCM-190627: "Content Detail by Device" reports incorrect.

  • ARES-26126: WDC Profile creation times out when assigning Smart Group with higher number of devices.

  • ARES-26029: Workspace ONE UEM DB - Profile Installation status is not loading for profiles deployed to the entire environment.

  • AMST-39588: Seed 23.02.7 patch to UEM console main.

  • AMST-39541: Workaround for MSFT issue breaking SFD installation.

  • AMST-39506: WNS disconnected for multiple Windows devices.

  • AMST-39478: The default 'Read Only' Admin role to view the Baseline is not working.

  • AGGL-15323: Feedback channel - Data not being pulled from Google for App Config.

  • AAPP-16385: iOS Device Updates Notification messages are automatically truncated.

  • AAPP-16364 Query to validate Cellular APN as required field with DDUI activated.

  • AAPP-16341: Resolve errors from OS update retry job.

  • AAPP-16313: False APNS Notifications during Purchased App Sync.

  • AAPP-16178: Renewed VPP stoken(ASM) does not sync the app details on the console.

  • AAPP-16414: Home Screen Layout: Not all the apps are listed in the dropdown.

  • CMCM-190639: Uploading large file to external repositories fails.

  • ARES-26320: Device logs not uploaded to console.

  • ARES-26321: Incorrect version while creating copy of UEM profile.

  • AMST-39632: API 'MDM/devices/security' endpoint fails with 500 internal server error for some device

  • AMST-39613: Smart Group is not recognizing 32-bit devices from console v2212.

  • FCA-205976: Unable to send the Push Notifications/Email notifications using Bulk Management.

  • UM-8112: Increase ACC timeouts for directory service to 300 seconds.

  • AMST-39306: Arm x64 Agent is not getting installed on OOBE enrolled Windows devices.

  • CRSVC-39342: Unable to send custom commands.

  • RUGG-12432: Products are showing in progress after UEM upgrade.

  • RUGG-12327: Update the Linux Pull Service Installer Link within Settings > System > Enterprise Integration > Pull Service Installers.

  • UM-8318: Password spray against Workspace One UEM.

  • AAPP-16416: "East iOS GP and MobileConnect" profile is going to not installed state on many devices.

  • AGGL-15447: Unable to create Android profile with a Time Schedule whose UUID is NULL.

  • CRSVC-40111: [Certificate Installer] Private Key not exportable in Manual Flow.

  • CRSVC-39366: Memcached uses only one server.

  • SINST-176223: Backwards compatibility for on-premise installer.

  • AAPP-16479: Renewed VPP stoken (ASM) does not sync the app details on the Workspace ONE UEM console - fix for SQL 2014.

  • FCA-206049: Banner was not seeded into BannerFeature table.

  • UM-8331: Administrator with two roles is unable to view the user role that was created by the administrator.

  • ARES-25956: Application-rule put API improvements.

  • FS-3215: Freestyle Orchestrator issue with workflows - errors with script, profiles, apps deployment when done in cascade - Logging.

  • ENRL-3834: One iOS device got enrolled with the lower OS version than the one set on enrollment restriction policy.

  • RUGG-12446: Multi-user CICO failing for Android AOSP device.

  • CRSVC-41219: The Workspace ONE UEM console was not getting samples from Android and iOS devices post upgrade from Workspace ONE UEM release 2209 to

  • CMCM-190729: Status of document in content detail report was not correct.

  • ARES-26476: Modify the sync SP to queue commands if not present when ADS action ID is 1.

  • AGGL-15032: Phone number was reported as "SIM not detected" for Android 12+ work profile devices.

  • CMSVC-17309: Smart group compilation failure on device event to smart group service.

  • ARES-26328: Unable to delete applications.

  • AGGL-15532: Google seems to have increased oAuthToken length (AndroidWorkSetting AccessToken got truncated).

  • MACOS-4063: macOS 14 ADE enrollment fails if custom enrollment is off.

  • ARES-26482: Unable to publish profile due to timeout.

  • AAPP-16443: Update device information query cellular keys.

  • FCA-206050: Spaceman error when accessing OG List View page from the customer OG.

  • ARES-26484: Device profile status ID incorrect in API call.

  • AAPP-16435: ABM device does not update with the second enrolled user status after re-enrollment from first user to second user.

  • CRSVC-41361: Conditional access audit event timings were not localized per admin time zone.

  • CRSVC-38844: Cisco ISE API account password expiration.

  • FS-4107: Profile step failing through workflow if profileatscale is enabled.

  • FS-4283: Seed Mac workflow host in Canonical - Release 23.02.

  • AMST-39696: Autopilot enrollment failed after Workspace ONE UEM update to 2306.

  • ARES-26452: Inactive update profiles were removed from machines automatically causing the devices to unnecessarily upgrade to Windows 11.

  • PPAT-15163: MFA option was visible for other VPN types.

  • ARES-26472: Windows Intelligent Hub and OMADM client was reporting different versions for the same application.

  • AGGL-15636: Android manufacturer and model auto-seeding issues.

  • MACOS-4070: Incorrect App Bundle ID was updated on Workspace ONE UEM for macOS apps using Electron Framework.

  • INTEL-51912: Intelligence Android application app version code was not fetched correctly.

  • CMSVC-17328: Smart group migration banner was displayed even when there are no Smart Groups that need to be migrated in the OG.

  • ARES-26587: DDUI - Unable to add multiple apps to folders in the Home Screen Layout due to duplicate records from the MTS database.

  • AAPP-16458: Unable to upload an application with multiple info.plist on the Workspace ONE UEM console.

  • ARES-26502: Multiple entries in the database table for a given profile ID and version.

  • AMST-39802: Windows updates were not getting updated in the Device details page, under updates for Windows 11 devices.

  • FS-4534: Seed Mac Workflow Host in canonical 23.02 release.

  • FS-4501: Fix performance and workflow status reporting issues in workflow for profile installation.

  • AAPP-16470: Create a script to delete DEP Enrollment Profile on Global Organization Group with expired token.

  • FCA-206100: Unable to send template message to device from public app details device tab.

  • AAPP-16461: Database patch upgrade is failing with patch

  • AMST-39761: Workaround for OEM update profile fails to install on device.

  • CRSVC-42584: Errors related to AWDeviceSampleData private queue still present after patching the environment.

  • AAPP-16539: VPN profile values are changing after publishing profile.

  • AMST-39845: WNS disconnected for multiple Windows devices.

  • ARES-26706: App details view page crashes when filters are selected.

  • MACOS-4088: All workflows show status: In Progress.

  • AGGL-15899: All internal Android apps uploaded to the console were getting the default Android icon.

  • CRSVC-42773: Navigating to app events displays spaceman error.

  • AMST-39704: BIOS verification status sent incorrectly as a part of Windows security information sample.

  • AAPP-16535: iOS updates no query update status button on Workspace ONE UEM 2302.

  • AAPP-16586: Custom data (key/value) was not retained in the VPN profile (iOS) after reopening the profile.

  • AGGL-15912: Android VPN profile displays "Failed to save profile" error when trying to modify it or add a version to it.

  • CRSVC-42634: Migration tool application migration custom batch.

  • ARES-26761: High latency in purge expired sample data job execution.

  • RUGG-12356: Unable to get the launcher speed lock down feature working.

  • AGGL-15777: Add a new Last Used column to Resource Context table.

  • AAPP-16557: DEP assignment was taking too long to change UI.

  • MACOS-4119: Workspace ONE UEM downloads the binaries from ESR every time the SeedSystemAppsJob runs.

  • UM-8408: Unblock the auto or manual syncs during advanced LDAP sync cycle failure.

  • CMEM-186927: Objects were not clearing from memory and causing high memory usage.

  • PPAT-15441: Review and reduce the Tunnel service logs generation.

  • ARES-26908: Sync should queue install commands when there are already pending commands for other devices and previous status is pending release.

  • PPAT-14821: Certificate list sample pile up in msmq causing performance degradation.

  • AAPP-16610: Unable to edit existing iOS Wifi device profile.

  • AAPP-16421: When CNS is configured for APNs, non-silent APNs is sent by manual Hub Query from Workspace ONE UEM instead of silent APNs.

  • CRSVC-42824: Secure Channel - Cannot find the original signer issue.

  • SINST-176239: Workspace ONE UEM Patch installer fails at Cert Installer execution.

  • AAPP-16647: Unable to install VPN profile on iOS devices.

  • AAPP-16653: Show or hide a field which is dependent on different fields out of which one is set.

  • AAPP-16650: Action parameter section sequencing is not correct.

  • FS-4566: macOS workflow stuck waiting on profiles.

  • CRSVC-43330: Increased CPU usage by CiscoISE app pool.

  • RUGG-12628: Add support for pull relay server discovery with IP as discovery text.

  • AAPP-16684: Workspace ONE UEM unable to edit approved SIM for some devices.

  • CRSVC-41111: Cisco ISE API account password expiration.

  • AAPP-16639: VPN IKEv2 payload dropdown values were changing to default value after adding a version.

  • AMST-39887: Removing Windows update profile does not remove configured policies.

  • CRSVC-39018: Convert StartRowCount datatype to bigint from int for Purge Statistics table.

  • FS-4602: macOS workflow status does not update without a manual query.

  • FS-4727: Seed Mac workflow host in canonical release 23.02.

  • AMST-40140: If the "Managed Applications" payload is configured in Windows profile, checkbox size in other payloads will become huge.

  • ARES-26866 DDUI - Incorrect records are getting fetched due to ordering of duplicate payload templates.

  • ARES-26576: Auto purge for device application logs and move threshold on percentage basis.

  • ARES-27150: Workspace ONE UEM API endpoint continually failing with error Collection cannot be null or empty.

  • ARES-26619: Uploading a duplicate Windows app is causing app already exists with this OG error message.

  • AAPP-16741: Update seed script to add BundleId for the Journal app.

  • PPAT-15841: Issues with tunnel certificate rotation.

  • RUGG-12724: Workspace ONE servers unable to connect to SFTP Relay server after the relay server SFTP settings were updated to disable SHA-1 key exchange.

  • AMST-40134: Mac address is not visible for Wifi adaptor in the Network tab.

  • AMST-40300: Seed 23.02.8 patch to Workspace ONE UEM console master.

  • FCA-206561: AirWatch Angular - Sonar coverage is inconsistent and causes sync delay.

  • ARES-27125: For internal iOS apps, unable to renew provisioning profile.

  • CRSVC-44926: Unable to edit, delete or deactivate specific compliance policy.

  • ARES-27164: For autocomplete field, the data is posted only when selected from drop-down.

  • MACOS-4205: Provide option to select version of Hub from Workspace ONE Intelligent Hub settings screen.

  • CRSVC-44197: Tracking Correlation-ID from Device State Migration tool to DST service.

  • CMSVC-17484: Unable to push iOS update, page crashing with an error.

  • AMST-40314: Workspace ONE UEM was not processing assignments unless triggered.

  • ARES-27252: Fix application segment data mismatch from Apple devices.

  • UM-8576: Admin role not auto filled in DDUI when adding admin manually.

  • AAPP-16826: Fix duplicate entry for setting value creation in the credential payload.

  • AMST-40348: Sensor and script - Remove search hub dependency.

  • ARES-27506: Extended timeout for Internal Apps Delete.

  • AGGL-16368: Fix data mismatch for user data in users and accounts segment of device state.

  • ARES-27484: Adding a newer version of an app through APIs removes app config KVPs for the previous version.

  • AAPP-16872: Unable to Clear Activation Lock on iOS devices.

  • AAPP-16896 Copying iOS DDUI profile where the context is unknown causes error.

  • AAPP-16897: Correcting the existing profile context data.

  • ARES-27450: Certain macOS devices seen with Windows internal apps assigned.

  • CRSVC-45850: Secure Channel Failure with Workspace ONE Intelligent Hub for Android.

  • UM-8698: Fix error codes for authentication endpoint.

  • ARES-27601: Workspace ONE Express - Unable to add or edit icon images for web apps.

  • AMST-40650: WNS notification flow improvement.

  • AAPP-16995: Device Attribute phone number modified on Wi-Fi iPads with no sim card.

  • AMST-40590: Seeding latest SFD 23.02 build to Workspace ONE UEM 2306 console.

  • CMCM-190931: Increase the maximum page size for managed content DS endpoint.

  • CMEM-187009: Optimize Stored Procedure to avoid intermittent timeout.

  • CMSVC-17611: Inconsistencies with the device tag data upon re-enrollment.

  • ARES-28092: Unable to view the XML file of the specific iOS profiles if option to sign certificate is enabled.

  • CRSVC-47212: API call invoked commands associated to unknown admin account.

  • AMST-40887: Windows SAL sampling improvements.

  • ARES-28053: Web links report is empty.

  • AMST-40945: Increase application installation timeout.

  • AMST-40942: Reduce unnecessary calls between UEM and OEM provisioning service.

  • ARES-28053: Web links report is empty.

  • AMST-40945: Increase application installation timeout.

  • AMST-40942: Reduce unnecessary calls between WS1 UEM and OEM Provisioning Service.

Known Issues

  • CMCM-190959: Optimize Sync Sproc for user repository creation

    The database stored procedure used for user repositories sync was consuming database resources. The Sproc needs to be optimized for better Sproc performance.  

  • LUEM-534: Device details - Certificate tab shows Certificate status as Pending Install

    After successfully installing Certificates for Linux devices using profiles, the Certificate status in the UEM console remains as Pending Install or Unknown. However the certificates are getting deployed successfully to the devices.

    Updating the certificate status based on sampling is affected but existence of the certificate entry in the device details can be considered as the successful deployment of the certificates on device.

  • FS-2637: Editing and saving imported or duplicated workflow using the Details page causes a crash.

    Customers who use the duplicate or import feature for Freestyle workflows are noticing that saving edits is causing the console to crash, if navigating to the editor using the workflow details page.

    You should use the list view instead. Select the checkbox of the workflow you’d like to edit, then click the edit button. From here, the editor should work properly and you can save changes without the console crashing. If you accidentally enter the editor from the workflow details page and save, which causes console to crash, use shift+ctrl+r or clear the browser cache. You will be able to access the workflow again.

  • FS-3030: Editing imported workflow crashes console if replacing missing app.

     For some imported workflows, the UEM console crashes if clicking into a missing app step.

    Admin should just delete the step if this happens and replicate it by adding a new step.

  • UM-7887: Manual LDAP attribute sync fails with an error

    If the customer has managed iOS devices enrolled and have UserManagementDeviceStateIntegrationFeatureFlag enabled then manual attribute sync fails.

    There is no workaround for this issue.

Support Contact Information

To receive support, access VMware Customer Connect. To learn more about the support policies, see Support Policies. For information about filing a Support Request in Customer Connect and using Cloud Services Portal, see the VMware knowledge base article at here.


To learn more about Workspace ONE UEM, you can browse VMware Workspace ONE UEM Console Documentation.

check-circle-line exclamation-circle-line close-line
Scroll to top icon