VMware Workspace ONE UEM Release Notes provide information on the new features and improvements in each release. This page includes a summary of the new features in 2310, issues resolved, and known issues.

When can I expect the latest version?

We strive to deliver high-quality products, and to ensure quality and seamless transitions, we roll out our products in phases. Each rollout may take up to four weeks to accomplish and is delivered in the following phases:

  • Phase 1: Demo, Shared SaaS UATs, and Latest Mode UATs

  • Phase 2: Shared SaaS environments

  • Phase 3: Latest Mode environments

This version is initially available to our SaaS customers on the Latest mode. The features and improvements incorporated in this version will be available to our on-premises or managed hosted customers with the next on-premises release. For more information, see the KB article. Workspace ONE UEM for 2310 release will also be an on-premises release.

Getting Ready for Major OS Releases

Interested in learning about the latest major OS updates and their resulting implications on Workspace ONE? See the Getting Ready for Major OS Releases section in VMware Workspace ONE UEM Console Documentation for more information.

What's New


Would you like to check the Device Registration Status for Conditional Access? We report that on the Device Details page.

You can now refer to the Device Details page on the console to check whether the registration was successful and plan further actions, such as pushing the desired apps to the devices. Check out Azure conditional access and Google's context-aware access information in Device Details. For more information, see Other Integrations with Directory Services.


We've now enabled Agent or Hub Upgrade File-Action upload in partner type OGs too.

Prior to this feature, you could upload Workspace ONE Intelligent Hub Packages only in Global and Customer organization group types. But now, you can upload an AirWatch MDM Agent (also known as Workspace ONE Intelligent Hub) to a partner type organization group. For more information, see Upload a Workspace ONE Intelligent Hub APF File, Upgrade File-Action.


Compromised Device Detection with Play Integrity API.

Workspace ONE UEM can use Play Integrity API to obtain further information about an Android device’s integrity and determine if the device is compromised. Play Integrity API replaces Google’s SafetyNet Attestation API. It works together with the compromised device detection capabilities in Workspace ONE SDK to better protect endpoints and protected resources.


Deploying iOS profiles is now easier and faster with the new data-driven user interface.

We have completed the rollout of our new Data-Driven User Interface (DDUI) user experience for iOS profiles. This functionality will now be enabled by default starting with Workspace ONE UEM 2310.

We have a new iOS 17 Restriction profile key.

We have implemented the new “Allow iPhone Widgets on Mac” Restriction profile key that was introduced with iOS 17. This key can be used to prevent iPhone widgets on a Mac that has signed in to the same Apple ID for iCloud.


We’ve enhanced macOS profiles.

We have added new configuration profile payload keys introduced in macOS 14 Sonoma to the Workspace ONE Console UI. Newly supported keys can be found in the payloads listed below. For more information, see macOS Device Profiles.

  • Restrictions

  • SSO Extension

  • Disk Encryption

  • Passcode

  • DNS Settings


We’ve introduced new device commands.

Workspace ONE UEM now supports Device Reboot, Device Lock, and Full Device Wipe commands for Linux endpoints. IT administrators can now have a little more control, and in the case of Device Wipe, there are additional security controls for devices.

Experience the new Data-driven UI for profiles.

Like other platforms UEM supports, Linux has migrated to the new DDUI framework for profiles. Although functionality is identical, the UI has changed and provides a mechanism to add new profile features at a more rapid pace.


Software Distribution (SFD) now downloads links on demand.

We've enhanced the way SFD manages downloads. When the download URL link you received through an earlier install command expires, you are no longer required to resend an application install command to get a new download link. Now, as needed, Software Distribution (SFD) can send a request to the Workspace ONE UEM server for a new download link.

Check out Device Updates to monitor Windows updates progress.

We have improved device updates reporting. With this limited availability feature, you can filter or search Windows devices with different versions in the organization group or child organization. You can easily go through the Device or Update Overview to see if the latest quality updates have been delivered to each device and take further action. For more information, see Resources - Device Updates.

Track Workflow Status in Provisioning Tool

You can now detect and track the status of Freestyle Workflows through Provisioning Tool. Each workflow will be tracked in the UI and the system will not complete processing (Green Screen) until all the workflows are complete.

Check out more new Windows Security Baseline templates

We have added new templates for creating CIS Windows Benchmarks. Templates for both Windows 10 22H2 and Windows 11 22H2 were added. For more information, see Creating Baselines with a Template.


Quick and easy profile and app removal for Windows devices.

You can now create a workflow for one-time removal of an application and/or profile from a device. After the workflow is deployed on the device, the app or profile is uninstalled successfully.

Explore the new Freestyle templates.

Workspace ONE UEM Freestyle templates are now available in Workspace ONE Cloud Marketplace. Utilize these templates to get started with the most common use cases.

Before You Begin

The Workspace ONE Unified Endpoint Management (UEM) console supports the latest stable builds of the following web browsers.

  • Chrome

  • Firefox

  • Safari

  • Microsoft Edge

Comprehensive platform testing has been performed to ensure functionality using these web browsers. If you run the UEM console with an older browser version or on a non-certified browser, you might experience minor issues.

Resolved Issues

Resolved Issues for 2310

  • HUBW-8770: Device eligibility check fails after app installation.

  • AAPP-16299: No Query Update Status button on UEM 2302 after pushing out iOS updates.

  • AAPP-15989: VPP License is not revoking when Remove Application request is sent through Device Details page.

  • AAPP-16021: Query related to iOS restriction “Allow deprecated TLS versions”.

  • AAPP-16010: Republished profile is being removed from some devices due to stored procedure timeout.

  • AAPP-16024: iOS device freezes in Single App Mode configuration if profile installs before the Hub installs.

  • AAPP-16036: Unable to upload an iOS application with nested watchOS app on the UEM console.

  • AAPP-16037: /mam/apps/purchased/search API does not always return App Size.

  • AAPP-16122: Unable to migrate APNS Certificate from Global OG to Parent OG.

  • AAPP-16191: AirPlay Security profile (tvOS) shows ‘Unknown Payload’ on a device.

  • AAPP-16193: Query to validate Cellular APN as required field with DDUI enabled.

  • AAPP-16245: VPP applications are removed from the Workspace ONE console upon syncing the asset and reappears with no assignments.

  • AAPP-16288: Custom data (key/value) not retained in VPN profile (iOS) after re-opening the profile.

  • AAPP-16389: ABM profile doesn't return proper API response when uuid is used.

  • AAPP-16401: iOS DDUI - Lookup Values not being translated.

  • AAPP-16406: iOS Boxer Standalone enrollment is showing incorrect OS version on UEM console post Boxer level enrollment.

  • AAPP-16426: iOS Web Clip Profile cannot work without a protocol prefix such as http://, https://.

  • AAPP-16434: Unable to edit existing iOS device profiles post UEM upgraded to

  • AAPP-16436: Device Name being set to friendly name when setting is disabled.

  • AAPP-16487: Customer’s orders are seen in other customer’s OG.

  • AAPP-16490: Unable to select credential from dropdown list in iOS DDUI VPN profile with connection type IKEv2.

  • AAPP-16505: DEP assignment taking too long to change UI.

  • AAPP-16527: VPP Auto Update failing with specific country code.

  • AAPP-16533: Content Filter profile saves successfully without the title preventing installation.

  • AAPP-16568: Post VPP V2 migration, Workspace ONE UEM - VPP "Sync Assets" stuck at "Sync in progress" and licenses are seen as “Unknown”.

  • AAPP-16594: Homescreen layout payload is allowing empty app lines.

  • AAPP-16642: Broken icon image for iOS Web Clip Profile.

  • AAPP-16748: Apple Store Bundle ID (com.apple.store.Jolly) is incorrect.

  • AGGL-14899: Android DDUI Profile Payloads not loading.

  • AGGL-14917: Android App groups filter for OS version is not working.

  • AGGL-15212: CSRF Allows Adding and Deleting Android EMM Configuration to Any Tenant while Unauthenticated.

  • AGGL-15357: Unable to create Android profile with a Time Schedule, whose UUID is NULL.

  • AGGL-15845: Android VPN profile throws "Failed to save profile" error when trying to modify it or add a version to it.

  • AGGL-15892: All internal Android apps uploaded to the console are getting the default Android icon.

  • AGGL-15935: Unable to install profiles on Chrome OS devices post V2 migration.

  • AGGL-15984: {DeviceModel} lookup value in Friendly Name reported as "Android" rather than actual Model Number in Console List View.

  • AMST-38722: Certificate revoked automatically for Windows devices where migration data is missing.

  • AMST-39017: Workflow Stuck in Progress when including install profile for secure mode Windows device.

  • AMST-39055: The default 'Read Only' Admin role to view the Baseline is not working.

  • AMST-39210: Arm x64 agent is not getting installed on OOBE enrolled Windows devices.

  • AMST-39300: WNS Disconnected for multiple Windows devices.

  • AMST-39323: UEM console fails to edit windows profiles the day after they were created onwards.

  • AMST-39412: UEM Workflows: Windows apps do not honor app deferral setting.

  • AMST-39441: Smart Group is not recognizing 32-bit devices from console v2212.

  • AMST-39524: API 'mdm/devices/security' endpoint fails with 500 internal server error for some devices.

  • AMST-39569: Bios Verification status sent incorrectly as a part of Windows Security Information Sample.

  • AMST-39673: Removing Windows update profile does not remove configured policies.

  • AMST-39683: Autopilot enrollment failing after UEM update to 2306.

  • AMST-40069: If the "Managed Applications" payload is configured in Windows profile, checkbox size in other payloads will become huge.

  • AMST-40235: Windows - API call to Begin Install does not work when Value type is 'Multi-String'.

  • ARES-25379: Copied iOS profiles with password present fail to save when Allow Removal is set to 'With Authorization'.

  • ARES-25390: App Publish for Android fails due to duplicate key error when publishing app during device check in.

  • ARES-25740: Device logs not uploaded to console.

  • ARES-25746: WS1 UEM DB - Profile Installation status is not loading for profiles deployed to the entire environment.

  • ARES-25806: Unable to view Application Group page due to crashing.

  • ARES-25819: Deploying internal apps is getting stuck in “Pending Release” status.

  • ARES-26031: Device Profile Status ID incorrect in API Call.

  • ARES-26217: Inactive update profiles getting removed from machines automatically causing the devices unnecessary upgrade to Windows 11.

  • ARES-26243: DDUI - Unable to add multiple apps to folders in Home Screen Layout due to duplicate records from MTS database.

  • ARES-26465: CST Time Zone settings in Workspace One UEM console is throwing Compliance Policy Violation notification and ‘Removal Date’ in Profile settings is using UTC time instead of CST.

  • ARES-26565: Custom attribute value is not displayed in Launcher.

  • ARES-26610: Multiple nodes of MetadataTransformService tried to parse the files and seed them concurrently which causes the DbUpdateConcurrencyException.

  • ARES-27147: WS1 UEM API endpoint continually failing with an error "Collection cannot be null or empty".

  • ARES-26808: Failed to update profile segment attributes.

  • ARES-26828: Unable to add multiple apps to folders in Home Screen Layout of iOS Device Profile.

  • ARES-27084: Profile is showing out of date status on installation after adding the version.

  • CMCM-190579: Large file uploads from App to repo fails.

  • CMCM-190605: "Content Detail by Device" Report incorrect.

  • CMCM-190592: Managed Content not showing up on newly enrolled devices.

  • CMCM-190630: Security tab in Device Details page is intermittently timing out for some macOS devices.

  • CMCM-190643: Adding content via API defaults to unknown "Paxar" value for customer, while the default should be N/A.

  • CMCM-190711: Status of document in content detail report was not corrected.

  • CMSVC-17101: Unable to Assign Internal Application page crashes.

  • CMSVC-17121: When Navigating to Apps tab in device summary, page errors out.

  • CMSVC-17091: Assignments based on user group do not update name when name of user group is changed, for AD user groups.

  • CRSVC-36850: iOS - Device details certificates tab not showing full certificate metadata (OU details).

  • CRSVC-37221: Azure conditional access Shared Device Mode is failing with errors.

  • CRSVC-37564: ADCS certificate chain is building incorrectly when Root and IM1 have identical subject names.

  • CRSVC-37764: Android compliance status not being refreshed.

  • CRSVC-38282: User in Device List View is Incorrect.

  • CRSVC-38313: Syslog integration for SIEM.

  • CRSVC-38570: Stop throwing exception From DSM in case 404 enrollment user not found.

  • CRSVC-38914: Unable to send custom commands.

  • CRSVC-40519: Navigating to app events gives spaceman error.

  • CRSVC-41218: The console is not getting samples from Android and iOS devices post upgrade from 2209 to

  • CRSVC-41904: SQL fails to complete the maintenance job "AirWatch - Purge Expired Sample Data".

  • CRSVC-42926: Admins receiving email that 50% API Utilization limit being hit for a specific OG.

  • CRSVC-42227: S/MIME certificates are getting revoked on macOS devices whenever the certificate profile is removed or device is unenrolled.

  • CRSVC-43269: WS1 UEM - Syslog is no longer sending Application Published events after Patch 21 upgrade of UEM version 2302.

  • CRSVC-43376: Android Shared Device Mode app configuration with the Microsoft Authenticator app is not completing.

  • ENRL-3770: Enrollment Restrictions not blocking enrollment for logged in AD users when ASSIGNTOLOGGEDINUSER=Y in command line enrollment.

  • ENRL-3771: Under wipe log, 'Device Last Seen' information showing incorrectly for non-US locale.

  • ENRL-3809: One iOS device got enrolled with the lower OS version than the one set on enrollment restriction policy.

  • ENRL-3848: Devices within the customer OG are shown as being enrolled to the users from a different tenant in the same console.

  • ENRL-3889: Enrollment Restriction policy is not functioning as intended, allowing to enroll more devices than specified in the policy.

  • ENRL-3897: Unable to save enrollment restrictions settings due to bad data in database.

  • FCA-205518: Unable to send the Push Notifications/Email notifications using Bulk Management.

  • FCA-205533: Leaving the Asset number blank on device details page, it is taking up the last initial value.

  • FCA-205604: No new data is Syncing to Intelligence from the UEM.

  • FCA-205608: When viewing Devices > List view > Custom Layout and you start to rearrange the columns the data under it starts to mis-match with the header.

  • FCA-205650: Spaceman error when accessing OG List View page from customer OG.

  • FCA-206024: Unable to send template message to device from public app details device tab.

  • FCA-206027: Console allows creation of a customer-type OG under another customer-type OG.

  • FCA-206036: Device Events and Console Events filters cannot be managed by Admin user who is assigned built-in Read Only role.

  • FCA-206087: All device types is replaced with "Device Category List" for Device Category when editing any device from the device summary page.

  • FCA-206189: CSRF Protection Bypass Exposes Authorization Header for Certificate Authentication from any Tenant.

  • FS-3877: Workflow failing to execute script due to unauthorized error from inability to refresh the token after reassignment.

  • FS-3932: Admin Role Permissions Needed to Edit Freestyle Workflows.

  • FS-4179: Workflow stuck in progress when including install profile in UEM version 2302.13.

  • FS-4491: Fix performance and workflow status reporting issues in workflows for profile installation.

  • FS-4561: macOS Workflow status doesn't update without manual query.

  • FS-4620: macOS Workflow stuck waiting on profiles.

  • INTEL-51802: Intelligence Android Application App Version Code is not fetched correctly.

  • MACOS-3914: MAC OS profile Keeps spinning in the Japanese language.

  • MACOS-3993: Unable to setup admin account on a macOS device.

  • MACOS-4021: Device list export not working.

  • MACOS-4038: Incorrect App Bundle ID is updated on WS1 for macOS apps using Electron Framework.

  • MACOS-4074: Apple DEP devices are not being set to "Corporate Owned".

  • MACOS-4082: Device Bluetooth turns off upon saving the “Set Friendly Name as Device Name” setting in the UEM console.

  • PPAT-15360: Failed to add the new version to Android DDUI Profile.

  • PPAT-15803: Tunnel server traffic rule with Pac Reader does not work.

  • RUGG-11951: Multi-user CICO failing for Android AOSP device.

  • RUGG-12150: Products are not installed on devices that check in after remaining offline for more than 30 days.

  • RUGG-12153: Android devices staging fails as cached sideload package is downloaded instead of new config.

  • RUGG-12165: Getting the error: 'Invalid inputs, please try again.' when we click on "Test Connection" for the Push Relay servers.

  • RUGG-12201: Unable to get the launcher speed lock down feature working.

  • RUGG-12345: Getting a blank screen when navigating to Devices > Provisioning > Components > Profiles > Add profiles > Windows.

  • RUGG-12398: IDOR Allows Read/Write Access to Staging Devices.

  • RUGG-12402: Products are showing In Progress after UEM upgrade.

  • RUGG-12643: Public apps missing in Launcher app layout since WS1 upgrade to 2306.

  • RUGG-12670: App search bar does not appear in Launcher when the profile is in multi-app mode.

  • RUGG-12696: WS1 servers is not able to Connect to SFTP Relay Servers after the relay server SFTP settings have been updated to disable SHA-1 key exchange.

  • UM-7778: UserGroupActions APIs in System Management V2 return 404.

  • UM-7851: Directory Admin accounts created at OGs below SAML config cannot log in or be edited.

  • UM-8131: Admin Group Creation UI fails to search directory group when locale is non-English.

  • UM-8132: Unable to add new or modify existing administrators when the email address contains multiple consecutive special characters.

  • UM-8138: OOBE enrollment failing for the customer. Additionally duplicate users created for successful enrollments.

  • UM-8186: API /admins/{id}/update can update admin password bypassing password policy.

  • UM-8261: LDAP Sync page showing incorrect Created Date for LDAP Sync Job.

  • UM-8374: With Read only admin we are able to add admin account through batch import.

  • UM-8502: Unable to create Admin Groups if there are restricted characters in Distinguished Name.

Patch Resolved Issues

  • FCA-206489: Upgrade handlebars js to latest versions to mitigate security risk.

  • AMST-40252: Windows credentials profile shows installed when the certificate request fails.

  • CMSVC-17353: Smart Group search returns complete path of the organization group.

  • PPAT-15759: Copy Identifier button is not functional within the tunnel list view page.

  • AMST-40293: Seed 23.02.8 patch to Workspace ONE UEM console.

  • CMCM-190858: Handle server connection error to repositories.

  • UM-8525: Admin role not auto filled in DDUI when adding Admin manually.

  • MACOS-4195: macOS restriction payload automatically adds Activity Monitor to Allowed Apps in the Launch Restrictions.

  • MACOS-4186: Unable to add version to macOS profile due to login window payload.

  • MACOS-4184: macOS update management does not work when the install action is “Install Later”.

  • MACOS-4137: Auto-join gets automatically selected in the macOS network profile.

  • CMSVC-17479: Unable to push iOS update, page was crashing and getting error.

  • ARES-26580: Fix application segment data mismatch from Apple devices.

  • AMST-40324: Wifi Certificates were not getting auto renewed.

  • AMST-39891: Sensor and Script - Remove search Hub dependency.

  • AAPP-16599: Fix duplicate entry for setting value creation in the credential payload.

  • AAPP-16722: Native CICO was not updating the User List.

  • AMST-40267: Workspace ONE UEM was not processing assignments unless triggered.

  • FS-4746: Workflow deployment options were not showing in freestyle.

  • ARES-27264: Apps/APIs - Adding a newer version of an app through APIs removes the app config KVPs for the previous version.

  • UM-8450: The translated strings "Basic", "Temporary", and "Directory" are not loaded in the admin type column of the administrator page.

  • AAPP-16864: iOS Mobileconfig upload results in DDUI blank page.

  • CRSVC-45792: Secure channel failure with Android Intelligent Hub 20.X.

  • CMSVC-17435: Unable to create a smart group via API when smart group name contains double-byte symbol or number.

  • CMSVC-17509: Inconsistent device tag data upon re-enrollment.

  • AAPP-16701: Unable to clear Activation lock on iOS devices.

  • AAPP-16809: Copying iOS DDUI profile where the context is unknown causes error.

  • UM-8426: User group sync select by DN was throwing error.

  • FCA-205246: Terms of use displaying unicode value when declined.

  • CRSVC-42335: Stale DSM override records not being cleaned up due to exception.

  • AAPP-16792: VppSyncAssets API throwing error with VppV2 featureflag enabled.

  • INTEL-56281: Add device Azure registration status support in ETL V1.

  • AAPP-16829: Device attribute phone number modified on WiFi iPads with no SIM card.

  • AAPP-16892: iOS Updates - Eligible device models are blank.

  • AAPP-16682: Unable to view assignment on shared iPad for business for supported profiles.

  • AAPP-16834: VppV2 deviceId changing to null on clicking sync assets after VppV2 migration is completed.

  • AAPP-16633: Unable to delete ABM stale record from the Enrollment lifecycle page.

  • UM-8646: Implement brokerID in Workspace ONE UEM.

  • UM-8574: Fix error codes for authentication endpoint.

  • ARES-25268: Workspace ONE Express - Unable to add or edit icon images for Web apps.

Known Issues

  • Work profile enrollments using tokens for Registered Android 10+ devices may fail

    Work profile enrollments using a token for Android 10+ devices will fail if the device is registered with any of the identifiers such as IMEI, Serial Number, or UDID.

    Customers using the affected UEM version and intending to register Android 10+ devices for Work Profile enrollment should create the device registration record without using identifiers such as IMEI, Serial Number, and UDID. If a device is already registered, we recommend updating the registration record by removing these identifiers and re-generating the token for enrollment.

    For customers who have not yet consumed the affected UEM version, it is strongly recommended to review the device identifiers used for registering devices before proceeding with the upgrade.

    For more information, see the Knowledge Base Article.

  • UM-8444: Organization Group tab in the Administrator Account is removed on the new DDUI from version 2210 or later

    When trying to edit the account, users get an access denied error message and the Organization Group details cannot be found.

    There is no workaround for this issue.

  • FCA-206199: Remote Assist from UEM sends non-silent APNs

    After enrolling with iOS Hub and starting a Remote Assist session from the Device Details page, Hub shows a prompt saying 'Your administrator would like to remotely view your device's screen.' Hub should send the silent APNs and show an overlay UI at the bottom of the screen with a Start remote assist button.

  • AAPP-16722: Native Check in Check out not updating user list.

    When signed in with Apple ID on the device, the device should be assigned to the end user on the console. The device is not getting assigned to the end user on the User List tab. On the shared device logs, we could see only the check out and check in happening. The Hub does not automatically get logged in and the Web clip profiles are not deployed.

Support Contact Information

To receive support, access VMware Customer Connect. To learn more about the support policies, see Support Policies. For information about filing a Support Request in Customer Connect and using Cloud Services Portal, see the VMware knowledge base article.


To learn more about Workspace ONE UEM, you can browse VMware Workspace ONE UEM Console Documentation.
