check-circle-line exclamation-circle-line close-line

Workspace ONE UEM 9.4 Release Notes

Workspace ONE UEM | 24 APR 2018

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

New Features in this Release

Product Rebranding and User Interface

  • Product Rebranding: To better enable our customers' deployments of the entire Workspace ONE family of solutions, VMware AirWatch will be known as Workspace ONE Unified Endpoint Management (UEM). Customers will see this rebranding in the Workspace ONE UEM console and installer files for v.9.4.
  • UI Enhancement: To improve our users' experience, we have updated the look and feel of the UEM console to be consistent with the VMware family of solutions.

Installation and Architecture

  • Workspace ONE UEM now supports SQL Server AlwaysOn. SQL Server AlwaysOn combines failover clustering with database mirroring and log shipping. AlwaysOn allows for multiple read copies of your database and a single copy for read-write operations. If you have the bandwidth to support the traffic generated by Workspace ONE UEM, the Workspace ONE UEM database supports AlwaysOn. The following AlwaysOn functionality has been tested for support:
    • Database in an Availability Group
    • Availability Group failover
    • Secondary Replica promotion to Primary
    • Synchronous Replication

Console

  • Office 365 App Assignment Added to Getting Started Wizard: You can now assign individual Office 365 apps to selected platforms through the Getting Started Wizard, iOS and Android supported. Additionally, while configuring single Office 365 apps, you are now presented with a convenient link to the Getting Started Wizard where you can add multiple Office 365 apps all at once.

    You can manually enable the Getting Started Wizard on a customer type organization group by navigating to Groups & Settings > All Settings > System > Getting Started and select Enable for any or all of the Getting Started subcategories. You can also view the Office 365 App Wizard popup by navigating to Apps & Books > Applications > Native, then select the Public tab followed by the Add Application button. When you search for and select an app from the Office 365 suite, you will be presented with the popup message.

  • Batching of profiles during device enrollment: Currently all the certificates and tunnel profiles are batched for delivery during device enrollment which results in a delay of queuing of profiles and there are chances of Agent missing the profile. To resolve the issue, starting this release, certificates and tunnel profiles are not batched when a device is enrolled, instead delivers the profiles synchronously after enrollment. 

Apps

  • Workspace ONE Mobile flows: Workspace ONE Mobile Flows allows device users to view additional information and perform related tasks from within VMware applications. References to tasks or business data within an email are detected by Mobile Flows and are displayed as cards, which allow users to perform essential actions like assigning tickets or creating action item lists without transferring to another app. Mobile Flows provides support across multiple business back-end systems using VMware Connectors. You can develop custom connectors to support your specific business requirements.

    Currently, Workspace ONE Mobile Flows only supports VMware Boxer v4.12 or later. 

  • Workspace ONE catalog displays the actual app file version. When the end-users navigate to the catalog and try to install the application, they might install an incorrect version because the application launches with the AirWatch generated version and not the actual version of the application.That is, currently, the end users do not see the accurate version of the application in the application catalog and the Worskpace ONE catalog, instead they see the AirWatch generated version.

  • Microsoft Office 365 Data Loss Prevention (DLP) App Policies  is updated with new restrictions. The new restrictions are iOS and android specific to set minimum OS version, minimum App version, minimum SDK version, and minimum Android security patch version.

Android

  • Android Rebranding

    • Android for Work was introduced in 2015 to boost enterprise adoption for Android devices. Since that time, Google has worked to implement features in Android for Work available in the majority of Android devices. Starting with UEM console release v9.4, Workspace ONE UEM has adopted the simplified naming convention. Android for Work has been renamed to Android and is the default deployment method for new enrollments. The legacy Android platform will now be referred to as Android (Legacy).

      To enroll in Workspace ONE UEM, a new Android EMM registration page has been created in the console to facilitate set up. To see this page in the UEM console, navigate to Getting Started > Workspace ONE > Android EMM Registration.

      If you are an existing customer, you won't experience any interruption to how you are currently using your Android devices with Workspace ONE UEM. You will still use the AirWatch Agent as your device administrator for enrollment and any applicable OEM services for your device fleet. We have renamed the VMware AirWatch Platform Guide and all instances in the UEM console to Android (Legacy). For more information on using Workspace ONE UEM with Android (Legacy), please see VMware AirWatch Android (Legacy) Platform Guide.

  • User Acceptance for Sensitive Data Collection: When enrolling Android devices, users will see a new permissions page to grant AirWatch permission to collect user data to optimize security and productivity for your device. The information to be collected includes:

    • Phone Number
    • Installed Applications
    • Serial Number
    • UDID (Universal Device Identifier)
    • IMEI (International Mobile Equipment Identity)
    • SIM Card Identifier
    • Mac Address
    • Currently Connected SSID
  • Capture Logging for Unintended Enterprise Wipes: Users can send device logs to Workspace ONE UEM in the event their devices is unenrolling unintentionally. The device logs are sent to the UEM console for admins to review. At the Welcome screen, users tap the screen five times and the AirWatch Agent displays an email template that includes the logs. If no logs are found, 'Nothing Found' displays and user can proceed with enrollment.

  • Add Wi-Fi Settings to Android Work managed device QR Code Enrollment: Enrolling Work managed devices using QR Code has been updated so that admins can include Wi-Fi credentials in the QR Code. QR code provisioning is an easy way to enroll a fleet of devices that do not support NFC and the NFC bump. This allows the admin to input Wi-Fi credentials so the user does not have to connect their device to Wi-Fi manually. To view the QR code, see the Work Managed Device Enrollment topic in the VMware AirWatch Android Platform Guide.
  • COSU Mode Support: Android provides configuration of corporate-owned, single-use (COSU) devices which whitelists a set of applications to be used for a single purpose such as kiosk mode. AirWatch Launcher now supports COSU mode on Android 6.0 work managed devices.

    • To prevent users from escaping out of the AirWatch Launcher app, COSU mode hides these settings:

      • Home Button
      • Recent Button
      • Status Bar
      • Notification Bar
      • Quick Settings
    • COSU Mode for AirWatch Launcher is supported on the following:

      • AirWatch Launcher v4.0
      • AirWatch Agent v8.1 for Android
      • Android 6.0+ Marshmallow- work managed devices

Windows 10

  • Command Processor Improvements 
    • The Command Processor will now clear commands that did not receive a response from the device (Success or failure) instead of indefinitely holding up the command queue waiting on a response.
    • The Command Processor will also execute commands that apply to the device context even if the device has no active enrolled user login. Previously, when the device had no active enrolled user login, no commands would execute and would wait for a device check-in with an actively-enrolled user session to process commands. Now only user specific commands have that requirement and all device context commands will execute as expected even if there is no user logged in.

macOS

  • VPN Profile: Added support for macOS F5 Access VPN Client in the VPN On Demand Payload for tunnel network connections.
  • Restrictions: Additional restriction features support on macOS devices:
    • Unlock a macOS device using Apple Watch or TouchID
    • Use iCloud functions - iCloud Desktop and Document services
    • Allow Content Caching
    • Enable or disable Flash Player preference pane in System Preferences Restrictions settings

Apple DEP

  • New DEP Skip Screens: As part of Apple Setup Assistant workflow under DEP enrollment profile, three new skip options have been added: iCloud Storage, TV Room, and Privacy.

Rugged

  • Zebra Stage Now Supported: Device Manufacturer Zebra has replaced its older staging solution, Rapid Deployment, with a new proprietary solution, Stage Now. You can enroll Zebra devices with a Stage Now barcode into Work Managed Device Mode or Android (legacy) Device Administrator Mode, depending upon your console configuration.

    Qualifying Zebra devices must meet the following requirements:

    • Android Nougat and later
    • MX version 7.1 and later
    • AirWatch Agent 8.2 and later

Tunnel

  • VMware Tunnel now supports locking down all device traffic to VMware Tunnel for Windows 10 devices. This functionality prevents device traffic from traveling outside of the tunnel connection. The user is locked in and all traffic is forced through VMware Tunnel. If the device is not connected to the tunnel connection, no traffic leaves the device.
  • VMware Tunnel now supports rotating public SSL certificates zero downtime to end user service. Public SSL certificate rotation allows you to upload a new SSL certificate to the UEM console. When your current public SSL certificate nears expiration, you can activate the new certificate to maintain service for your end users. This process requires uploading a new certificate, pushing new VPN profiles to devices, and manually activating the new certificate.

  • VMware Tunnel for macOS now supports third-party apps for Per-App Tunnel. You can now configure VMware Tunnel for macOS to use Per-App Tunnel for third-party applications.

CDN

  • Test the integration between Workspace ONE UEM and Akamai CDN. You can also disable the CDN System Settings for the Child Organization Group. 

Secure Email Gateway

  • SEG (V2) now supports Google mail server. The automatic password provisioning feature can be enabled or disabled as per your requirement. 

SDK

  • Compliance Rules and Actions for App Only Compliance: The default SDK profiles Offline Access and Compromised Protection have moved from the Groups & Settings > All Settings > Apps > Settings and Policies > Security Policies to Groups & Settings > All Settings > Apps > Settings and Policies > SDK App Compliance. This page enables admins to apply compliance functionality to devices that do not have MDM profiles through SDK-built applications.
  • Added Ability for Admins to Restrict SDK Authentication Mode: The new option* Force Token For App Authentication* enables admins to control how SDK-built apps reset forgotten passcodes. If users need to reset a passcode and this option is enabled, the SDK forces the forgot-passcode procedure and does not allow passcode resets with username and password.

    Users navigate to the Self-Service Portal and must generate a new app token to access SDK-built apps.

    Find this option at Groups & Settings > All Settings > Apps > Settings and Policies > Security Policies

 

Resolved Issues

  • AAPP-105: ScheduleInstallApplication workflow is being kicked off when an app fails to install on a shared device

  • AAPP-1762: Enrollment Status includes devices that were removed from the DEP token then Fetched & Sync'd.

  • AAPP-3868: iOS Device Profile for Network Usage Rules allows unsupervised devices which are ineligible for the profile feature.

  • AAPP-4297: DEP devices not following Enrollment OG setting during token DEP enrollment.

  • AAPP-4314: Location of devices in lost mode is not being reported to the console.

  • AAPP-4471: macOS Agent Settings page override prevents agent download.

  • AAPP-4530: Safari does not redirect to App Store when 'Require Agent Enrollment for iOS' is enabled.

  • AAPP-4578: VPP Auto-Update doesn't work on apps from foreign countries.

  • AAPP-4597: Login Window device profile payload shows a blank page if Finder payload is configured in the same macOS profile.

  • AAPP-4659: macOS with WiFi Device Profile unable to auto-join network.

  • AAPP-4810: Home Screen Layout payload in Device Profile unable to accommodate custom bundle IDs.

  • AAPP-4840: Login Window payload on Device Profiles with custom minutes (non-drop-down menu selection) locks macOS devices to a 20 minute screen saver timer.

  • AAPP-4882: DeviceConfigured command is not being sent to Apple TVs, which remain in Awaiting Config state.

  • AAPP-4884: Clear Activation Lock fails when the device (with both GSM & CDMA) has an IMEI with repeating characters at the end of the string.

  • AAPP-4940: Custom attributes profile status displays 'Removed' even as attribute reports back successfully.

  • AAPP-4941: VPP apps return wrong bundle ID when install command is pushed to Apple devices.

  • AAPP-4943: When a user is deactivated using API, the Break MDM command is not queued until Content Locker is activated.

  • AAPP-4956: Apple WiFi profile payload display name is unclear to end-users.

  • AAPP-4957: Web enrollment applied to enrolled and staged DEP device unenrolls the device and blocks enrollment.

  • AAPP-4978: ShowSpecificApps profile for ASM shared devices is built in incorrect order.

  • AAPP-5005: Apple command processor issues Device scoped commands to macOS when it checks in via User channel.

  • AAPP-5041: Set Device name to Friendly name not being honored for supervised Apple TV.

  • AGGL-1893: Changing a device's organization group does not udpate the Play Store Home screen for devices enrolling through Android Enterprise.

  • AGGL-2322: Optional bookmarks display as installed instead of optional on the profiles tab from the device summary for Android devices.

  • AGGL-2583: The system does not move some profiles that are assigned to devices when you move devices to different organization groups unless you manually sync the console.

  • AGGL-2833: Enrollment through the Agent is blocked because the CAPTCHA displays no image when you enable SAML.

  • AGGL-2834: The console does not display the correct status for the Telecom application although the Agent sends the console application data samples of the current status.

  • AGGL-3030: The console displays the GX8 model number for the Huawei P10.

  • AGGL-3082: The smart group creation process does not list Lenovo as an option for Android devices.

  • AGGL-3113: The dbo.AndroidDeviceModelInfo table in the database is missing information for the OnePlus 5 model so the console misrepresents the model number as OnePlus One.

  • AGGL-3241: The overriding of Android Enterprise Enrollment Restrictions fails at a child organization group (OG) when the parent OG has Limit Android Enterprise enabled.

  • AGGL-3247: The Allow Cookies restriction in the Chrome Restrictions payload does not behave as expected for the Keep-cookies-for-the-duration-of-the-session value in the current version of Chrome.

  • AGGL-3265: The Not-Installed count displays as a negative number rather than a zero in the Profile List View of the console.

  • AGGL-3266: The removal of an application assignment through the console for an Android work managed device fails to remove the application from the Google Play Store on the device.

  • AGGL-3352: The Android Enterprise F5 Access App Config process fails and the console displays the message This app does not support app configuration in the assignment page.

  • AMST-5484: Moving a Windows 10 Desktop device to a different organization group creates an Update-Organization-Group-Failed message in the event logs.

  • AMST-6187: Adding an Azure AD account by API fails to add or update the AadMappingAttribute value to the database.

  • AMST-6530: Compliance rules that check for Device-Environment-Status fail to run for Windows Desktop devices.

  • AMST-6611: Installing the Workspace ONE application through the Windows Store for Business, Offline Licensing method fails and returns a 400 message.

  • APC-1021: The system fails to consistantly assign SDK settings to devices when you enable the SSO SDK default setting for Boxer when there is another instance of Boxer as a Purchased or Public application.

  • APC-1144: The email account setup process for Boxer sometimes fails when administrators attempt to create or edit Boxer configurations when using optional application configuration settings.

  • ARES-4029: The device sync action sends multiple app-install-requested events when the system queues a single application installation command.

  • ARES-4713: The upload certificate for Credential profiles fails to auto-populate the credential name.

  • ARES-4730: Cluster Priority affects individual assignment app configuration on editing the assignment

  • ARES-4744: Internal App install or assigned status API documentation needs to be updated

  • ARES-4824: Public apps deployment method is restricted to on-demand and it's considered as a system application

  • ARES-4913: Internal application fails to display correct child OG

  • ARES-4998:  Device profile with a payload and assigned smart group fails to add in an Excluded Smart Group

  • ARES-5167: ADP fails to update to auto test mode when a device is added to an Auto SG in a specific use-case

  • ARES-5174: Unmanaged apps fails to remove the application from the device even after the "Clear App Data" command is issued for that app.

  • ARES-5308: Devices with non-whitelisted apps are randomly marked as non-compliant randomly

  • CMCM-187519: Content List view > Corporate File Servers page in the UEM Console is synchronized with unintended files from user repositories

  • CMCM-187672: Installed Status for the AirWatch Content shows 0 even though it is installed on the devices

  • CMCM-187676: Corporate File Servers tab in the Repositories displays the installed and assigned status as 0/0 even though Repo is Assigned and Installed in Device

  • CMEM-184275: Console to SEG Test Connection fails as hostname not found

  • CMEM-184347: MemConfig xml for classic SEG throws an error when you try to export the data

  • CMEM-184411: Boxer MemDevice record fails to move the device to the correct Location Group

  • CMEM-184417: The console does not accurately display the un-managed records during delta syncs

  • CMEM-184424: The 'Multiple' link under MEM Config column redirects to ' something unexpected happened.

  • CMEM-184446: EASDeviceType for Android is listed as unknown for Stand-alone Boxer enrollment

  • CMEM-184499: SEG-Device Compliance policy with Action Block Email fails to block emails for non-compliant devices

  • CMEM-184534: Diagnostic and Sizing values in the MEM configuration page is empty, and requires a migration script to fix the data

  • CMSVC-4482: Device un-enrollment email notification displays incorrect reason code when a device wipe is completed.

  • CMSVC-4860: Older EULA's throw an error when you try to add and save a new version since the grace period is set to 0

  • CMSVC-5152: Usergroup batch import fails if the Active Directory 2016 import file contains a "&" character.

  • CMSVC-5215: Compliance List View and View Devices pages in the Console show inconsistent results for Compliance Policy results.

  • CMSVC-5279: User Migration from Console changes EnrollmentUserIds value, causing apps to fail to sync.

  • CMSVC-5347: Batch Import of users fails if there are special characters before the "@" in an email address.

  • CMSVC-5433: The default OG policy of parent OGs is modified when admins create a policy for child OGs.

  • CMSVC-5458: Whitelisting OEM devices for enrollment in the Console results in an incomplete application of whitelisting rules.

  • CMSVC-5492: Users are unable to enroll devices when their User Group or Organization Group has been edited recently.

  • CMSVC-5527: Only the current user nominated on a Shared Device appears in the ShareDeviceLog.

  • CMSVC-5572: The User Activation email includes garbled characters, and includes the custom template in plain text.

  • CMSVC-5595: When a Domain Controller is decommissioned, the system does not fail over successfully with DNS server turned on.

  • CMSVC-5739: Admins are unable to add Directory Users using advanced template Batch Import with a custom role.

  • CMSVC-5784: Enterprise Wipe is not working from Device List View page

  • CMSVC-5934: ReactivateDisabledUsers or SyncDisabledUsers connecting to the wrong domain controller in a multi-domain setup

  • CMSVC-6019: The Directory Connectivity tool does not work if Directory services settings fails to connect.

  • CMSVC-6082: Admin cannot view user's details when it is part of multiple usergroups and there is a difference in permissions

  • CMSVC-6147: Device Manufacturer Compliance Policy Stuck at Pending After Re-enrollment

  • CMSVC-6158: "Device Blocked by enrollment Restriction" default message template mispells AirWatch.

  • CRSVC-1905:  The API X-RateLimit-Reset timestamp and X-RateLimit-Remaining quota count do not reset at the same instant.

  • CRSVC-2758: Profile change event log is truncated to 255 characters and does not display all of the change.

  • CRSVC-2945: RESTAPIKey Rate Limit description needs improvement.

  • CRSVC-3032: Creating an event notification using V1 API does not correctly handle auth type.

  • ENS-816: ENS server stops pushing email notifications intermittently.

  • FBI-177911: New SDK Analytics reports shows blank

  • FBI-177957: Running new reports fails with Processing Error

  • FBI-177959: Device inventory report for iOS devices doesn't pull UDID.

  • FBI-177964: Device security posture report fails to consistently report profile status.

  • FCA-185636: macOS Physical memory units show KB and bytes instead of GB and MB.

  • FCA-185678: Unmanaged Device Wipe Protection Email address displays SaaS email address instead of defaulting to blank field.

  • FCA-185812:  "Trouble Logging In" link on SSP login page displays for Active Directory users.

  • FCA-185838: Admins with the "user role delete" resource cannot delete user roles if they do not also have the "admin role delete" resource.

  • FCA-185844: Company logo missing on SSP Login Page.

  • FCA-185961: SEG Status is missing in Admin Panel.

  • FCA-186053: Information for Employee Owned and Undefined Devices missing in the Device Dashboard.

  • FCA-186099: Console events shows an Admin user for Self Service Portal events if the coreuserid and enrollmentid are the same for two different users.

  • FDB-1575: Procedure ProvisioningProfileBlobMaster_Purge reports conflict error.

  • FSEC-183123: When using secure channel for communication, there are a lot of calls to “Certificate_Load” Sproc on DB resulting in high CPU usage on Database server.

  • INTEL-4768: UEM console dashboard displays different number than what the custom report shows

  • PPAT-2993: VMware Tunnel shows invalid domain name when entering a hostname with a numeric character as the first character.

  • PPAT-3010: The Windows VPN profile configured for VMware Tunnel fails to display the IP Address text box for VPN traffic filters when admins have a non-English locale.

  • RUGG-1692: Deleting a custom attribute in the Console does not log the event in the Audit Table / Troubleshooting tab.

  • RUGG-1705: Adding Custom Attributes to a device through the UEM console does not prompt for an Application Group.

  • RUGG-2455: Product list view Inactive Products Total Device count displays zero but includes Unknown status devices in the details view.

  • RUGG-3818: Editing secure launcher profile causes the orientation to change to landscape if it was originally set to portrait

  • RUGG-3922: Custom Attribute Assignment Rule page search function does not work properly.

  • RUGG-3923: Custom Attribute Assignment Rule page sorting does not work.

  • RUGG-4162: Remote Management 4.0 does not log a console event when starting a remote management session

  • RUGG-4243: Creating an assignment rule through API fails when calling a custom attribute that does not exist in the console.

  • RUGG-4247: The statuses on the Products Sets> Products list view page do not display the proper device counts.

  • RUGG-4337: The ProvisioningJobs API returns double results when called against the top-level ogranization group.

  • RUGG-4457: Windows Rugged devices experience an unexpected error when viewing a profile XML code after assigning a certificate profile to the device.

  • RUGG-4482: Smart Groups does not list Honeywell Version 3.1 as an OEM Platform.

  • RUGG-4571: Relay servers added at a parent organization group do not receive existing staging profiles from a child organization group

  • RUGG-4575: Relay servers fail to deploy products to devices.

  • RUGG-68: Windows Rugged import packages fail to save when the package contains a zero byte-sized file or with no version number.

  • AAPP-5009:  Added additional details to the logging statement to identify which APNs token was not found for AirWatch Agent push notification during device enrollment.

  • AAPP-5116: App details view for Public Apps does not load in Workspace ONE application.

  • AGGL-3370: Android on-demand apps are auto-pushed when App Tunneling is enabled.

  • AGGL-3413: Android for Work managed devices do not receive Internal apps pushed during enrollment.

  • AGGL-3414: Standard WPA/WPA2 Network Wifi profile incorrectly requiring Proxy data for Chrome OS devices.

  • AGGL-3421: Console page becomes unresponsive when a specific device payload is loaded.

  • AMST-2858: Cannot edit 'Detection Criteria' for an app if there are no devices with the app installed.

  • ARES-5109: Upload for large file fails when checking CDN existence.

  • CMEM-184578: Multi-tenancy issue when a device is moved (unenrolled & reenrolled) to a different LG: all associated MEMDevice records are not getting updated to new LGID.

  • CMSVC-6503: Unable to unlock a user account after it is locked from the User List View int he UEM console.

  • CRSVC-3180: User Groups are not syncing automatically int he UEM console.

  • ENS-1030: After upgrading the ENS from 9.0 to 9.2.1 version, the ENS service does not start.

  • FBI-177815: Subscription error on Reports when choosing individual apps for reporting in the UEM console.

  • FBI-177881: The Profile Configuration Setting report does not contain Wifi configuration details.

  • FCA-186257: Device commands being sent to the wrong device from the Device Details Actions page of the UEM Console.

  • FCA-186260: Unable to use certain characters when manually editing a device Friendly Name.

  • FDB-1586: BSP script fails on on 9.3 environments.

  • FDB-1698: Database error occurs when deleting a Location Group in the UEM console.

  • INTEL-4638: Workspace ONE Intelligence does not pull User Installed Managed and "On Demand" Apps when "Do not collect personal apps" setting is turned on.

  • AGGL-3430: Cannot enroll device using a parent OG without Android for Work and using User-group mapping to place device in child OG with Android for Work configured.

  • FCA-186305: The Getting Started flow incorrectly inherits the AirWatch Cloud Connector security configuration.

  • FCA-186308: Homepage redirect fails on login after admin landing page and two-factor or password change are enabled.

  • FDB-1510: Stored procedure in the Edit Custom Attribute page times out, and the page does not load.

  • FDB-1547: A conflict occurs between the Delete command and a Reference constraint when deleting a Location Group in the console.

  • FDB-1553: Error upgrading database versions.

  • INTEL-5593: Custom Report shows incorrect data for LauncherActive field under Apps.

  • PPAT-3186: URL endpoint test response does not send Connection: Close header along with 407 response.

Known Issues

  • RUGG-4659: Products may be listed multiple times under the Device Details > Products page

    Products may be listed multiple times under the Device Details > Products page if there are duplicate compliance records. The expected result is no duplicate compliance/products should be displayed.

  • INTEL-5621: Select fields are not displaying for purchased applications in the application export

    Upon generating an XML export for purchased applications, the following fields are blank: ModifiedBy, ModifiedOn, CreatedBy, CreatedOn, IsActive, and PushMode.

  • INTEL-5533: Purchased applications are shown as public applications in the application export

    Upon generating an XML export for purchased applications, some purchased applications are shown as public in the application type column.

  • INTEL-5207: Error displayed when app_is_installed field is selected in applications report

    Creation of a blank application report with the app_is_installed column selection, restricts you from saving the report and displays an error.

  • FCA-186210: On a fresh installation of Workspace ONE Auto-setup may fail at the VMware Tunnel setup task

    Auto-setup in Workspace ONE (fresh install) may fail at the VMware Tunnel setup task if Android EMM Registration with Google is not configured. Additionally, this may also fail when adding an Android profile

  • FCA-186145: Console setting changes may be submitted to incorrect Organization Group when using multiple browser tabs

    When using multiple browser tabs, changes made to the console settings may be submitted to the incorrect Organization Group (OG).

  • FCA-185766: SAML Transformation may not work when using Internet Explorer or EDGE browsers

    Upon navigating to the SAML Transformation page may not display properly when using Internet Explorer or EDGE browsers.

  • FCA-185634: Wizard buttons may disappear upon scroll-over in some Mac Chrome browsers

    Select wizard buttons may disappear when scrolled over in some Mac Chrome browsers.

  • FBI-177823: Application Details by Device report shows no data when application status is selected as Not Installed

    Upon running the Application Details by Device report and setting the application status as Not Installed, the report may not show any device records of not-installed applications.

  • CRSVC-3230: API Help Page may take longer amounts of time to load.

    The API Help Page may take longer amounts of time to load and render the page as unresponsive.

  • CRSVC-3191: API Tool Tip redirects to docs.vmware.com instead of the appropriate API Help Page

    Upon clicking on the API Tool Tip under All Settings > System > Advanced > API > Rest API in the console, the administrator is redirected to VMware Docs rather than the appropriate API Help Page.

  • CMSVC-6539: Unable to successfully edit and save vIDM settings from vIDM setting configuration

    Upon navigating to Settings > System > Enterprise Integration > vIDM > Configure and editing the configured vIDM tenant, selecting Save will shows a successful save but does not actually save the settings.

  • CMCM-187772: Unable to add new version of content when Allows File Extensions is set to All

    Upon attempting to add a new version of content Under Content > List View > Add Version, no option is displayed to select files form the file system.

  • CMCM-187765: Scheduler high-memory usage (content related)

    The scheduler service may occasionally hit the maximum memory on the server due to a content-related job or activity

  • AMST-7118: Appx dependencies are not being pushed wo Windows Virtual Machines

    While installing Appx, the app dependencies are not being downloaded to the Virtual Machine and Appx installation is failing due to missing dependencies.

  • AMST-7101: Two entries may be displayed after both an unsuccessful uninstall and installation of an application

    Two entries may be shown for the same application after both an unsuccessful uninstallation and unsuccessful installation

  • AMST-6879: (SaaS Only Issue) Frequent exceptions are seen in AW.IntegrationService logs in DS servers

    The following exception is seen very frequently in AW.IntegreatoinService logs in DS machines.This issue is seen while running background load tests.

  • AMST-6877: Messages in fastlanewnsoutbound MSMQ are processed very slowly

    Messages in fastlanewnsoutbound MSMQ are processed very slowly which is leading to large number of messages in the queue.

  • AMST-6000: Console incorrectly displays status for Business Store Portal (BSP) applications

    BSP applications in UEM console displays incorrect status as “Managed but Uninstalled.” Status does not update on performing a manual app query.

  • AAPP-5152: Assignment may not show for Exchange Active Sync (EAS) profile

    The Exchange Active Sync (EAS) view profile assignment may not show for the All Devices smart group when assigned, however, the profile pushes when installed through Container enrollment.

  • FBI-177872/FBI-177865: Device with application and user detail report returns partial records in export under some scenarios

    The new Device with application and user detail report does not show all versions of an application when exported for a specific internal or public managed app. Expected result should show all device apps records that have the app installed or assigned. 

  • FBI-177866: Application Details by Device report returns partial records in export under some scenarios

    The Application Details by Device Report does not show all devices records with the app install status when exported for a specific app. Expected result should show all device apps records that have the app installed or assigned.

  • AGGL-3369 : Internal app does not get pushed during enrollment of Android for Work managed devices. 

     Internal app does not get pushed during the enrollment of the Android for Work managed devices and the sync device does not work

  • AGGL 3361: Adding a Network Playload to a Chrome OS device profile results in policy failure

    Adding a Chrome OS device profile with Standard WPA/WPA2 Network policy is causing the profile to fail. The Chrome OS User policy with Network policy does not apply correctly. 

  • FCA-185965 : Friendly Name format for devices restricts usage of certain characters

    Manually editing the device Friendly name restricts the usage of certain characters and displays an error message. 

  • AAPP-5358: Managed Devices page inconsistencies and user-based license app assignments are lost

    Console administrators using Workspace ONE UEM 9.4 may experience application removal from the devices and missing devices from the Managed Devices page. On reviewing the device details in the Device Details page, the app reports as Public instead of Public (Managed). The app is removed on device synchronization. 

    For on-premises customers, run the following query before 9.4 update: UPDATE dbo.DeviceExtendedProperties set IsSharedDevice = 0 WHERE IsSharedDevice IS NULL.

  • AAPP-5395: DEP profile enrollment OG is not honored when the Staging Mode is set to None

    Devices do not honor the organization group (OG) mapping defined by a DEP profile if the staging mode is set to None. The device enrolls, however, is placed in the top level OG of the environment.

    There is no known workaround at this point.

  • AGGL-3577: Unable to add Android (Legacy) public application from the play store in the UEM console using the search functionality

    UEM console administrators are unable to add Android (Legacy) public application from the play store in the UEM console using the search functionality. However, Android Enterprise devices are not affected by this issue.
     

    To overcome the issue, use the Application URL to add the Android (Legacy) public application.

  • CRSVC-3589: Device Friendly Name display as NA in the Syslog server

    Syslog configuration in the UEM Console supports the configuration of the message content which should be delivered to the Syslog server. In the Message content configuration one can also specify the device friendly name as the look up value so that this value gets replaced when the syslog message is constructed by the event framework to be send to Syslog server. 

    For all the console events, since the device-friendly name does not apply, it is shown as “N/A” in the Syslog server.

    As a workaround, do not use device friendly name for identifying the device. The device friendly name is a dynamic value that can change over time and may lead to inconsistent logging.