check-circle-line exclamation-circle-line close-line

Workspace ONE UEM v9.6 Release Notes

Workspace ONE UEM | 24 July 2018

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

New Features in this Release

Android

  • Simplified enrollment for the Android corporate owned devices​ through the use of QR codes
    Administrators can now use automatic QR code that is generated from the UEM console to experience simplified enrollment flow for the Android devices running version 7.0 (Nougat) or later.
    UEM console now allows an IT administrator or an end user to register the device as Work Managed through the use of QR codes. The new enrollment flow is ideal for an administrator who wants to stage multiple devices before deploying to users or for the end user who wishes to enroll the device with the QR code that is provided by an IT administrator.
    Simplify your enrollment workflow by navigating to Devices > Staging & Provisioning > Staging and select Configure Enrollment button.
  • Capture suspicious activity logs when a Bluetooth peripheral or a USB connection is made to your device
    Whenever a Bluetooth peripheral or a USB connection is made to your device, UEM Console tracks the event and reports this as a log to the UEM console.
    To track all the malicious activity enable Suspicious Activity Logs under Groups & Settings > All Settings > Devices & Users > Android > Agent Settings. 
  • Set Weak Biometric for your Passcode content
    ​The Passcode Profile now allows you to set Weak Biometric for the passcode content under the passcode settings. Weak Biometric passcode content allows low-security biometric unlock methods, such as face recognition.
    Take advantage of this update by navigating to Devices > Profiles & Resources > Profiles > Add > Add Profile > Android and configure the Passocde settings.
  • Configure Samsung Work Managed devices within the Android enterprise profile
    Profiles in the UEM console have been updated to provide support for Samsung Knox standard features for Work Managed devices. In the General profile, a new field called OEM Settings is added. When the OEM settings is enabled, the profiles that have updated features for Knox support are denoted with a Knox symbol. These include Passcode, Restrictions, Date/Time and APN.
  • Launcher profile supports Multi-User Stage enrollments and Check-In Check-Out functionality for the Work Managed devices
    Android Enterprise enrollments now support Shared device Multi-user staging and Check-In Check-out functionality. Shared Device/Multi-User Device functionality ensures that users can easily share a device while maintaining their unique enterprise resources.
  • Set default Google userIDs for a device in the event a device is reset using a bootloader or fast boot
    UEM console now has a new profile called Enterprise Factory Reset Protection. The new profile allows administrators to set default Google userIDs for a device in the event a device is reset using a bootloader or fast boot. This is useful in the event a device is reset after an end user leaves the company and allows the administrator to use one of the specified Google IDs to reset the device to be assigned to another user.
    Configure your enterprise factory reset protection selecting Enterprise Factory Reset Protection from Devices > Profiles & Resources > Profiles > Add > Add Profile > Android.

Certificates

  • Renew certificates issued via the Simple Certificate Enrollment Protocol (SCEP)
    Administrators can now configure a SCEP certificate template for auto-renewal when leveraging Microsoft ADCS. The renewal capability removes manual intervention required with SCEP configurations and allows the administrators to leverage the performance and scalability. 
  • Define SAN attributes for Generic Simple Certificate Enrollment Protocol (SCEP) and GlobalSign
    Administrators can now configure SAN attributes for Generic SCEP and GlobalSign certificates. Take advantage of this update by configuring the SAN type under Certificate Template - Add/Edit screen. 

Chrome OS

  • End processes in the Task Manager
    You can now configure Application Control Profile for Chrome OS and allow end users to see the end process option in the Chrome OS.
    To use this feature, enable Users can end processes in Task Manager from the Application Control profile under Devices > Profiles & Resources > Profiles > Add > Add Profile > Chrome OS.
  • Launch URL at the startup
    The Content profile now includes a new option to configure URL to open at startup. An additional field, URL, allows you to Launch URL at the startup.
    Take advantage of this feature by navigating to Devices > Profiles & Resources > Profiles > Add > Add Profile > Chrome OS, configure the Content profile and set the URL field.
  • Verify if the boot mode is required for device verification to succeed for the User and Device profiles
    The Security & Privacy for user and device profiles have a new option called Device Verified Mode Required. When enabled, it verifies if the boot mode is required for device verification to succeed.
    Take advantage of this feature by navigating to Devices > Profiles & Resources > Profiles > Add > Add Profile > Chrome OS, configure the Security & Privacy profile, and set the Device Verified Mode Required field.
  • Experience flexible printing capability
    You can now configure Printing profile for Chrome OS that allows you to either use the print preview with Google cloud print or use system print dialog window. If this profile is disabled, printing is only possible through plugins that bypass Google Chrome.
    ​Take advantage of this new feature by navigating to Devices > Profiles & Resources > Profiles > Add > Add Profile > Chrome OS and configure the Printing profile.

Console

  • Flexibility of enabling SAML authentication on the SSP and exclude Enrollment
    The UEM console currently allows SAML authentication for admin, users or both. Administrators now have the choice of using SAML authentication for Admin, Enrollment, or Self-Service Portal and can select all the three, or any combination of two, or choose any one of the three components. Administrators get the flexibility of forcing SAML authentication on the SSP and exclude Enrollment.
    Take advantage of this update by navigating to  Groups & Settings > All Settings > Enterprise Integration> Directory Services and enable .  
  • Automatic user token revocation on enterprise wipe
    Currently Azure active directory does not provide an option to revoke a token from a specific device. Users are logged out from all the Azure SSO enabled sites on revoking the token during an enterprise wipe. Directory Services configuration page in the UEM console now has a new user interface setting that provides an option to the administrator to enable or disable automatic user token revocation on enterprise wipe.
    You can enable the settings by navigating to Accounts > Administrators > Administrator Settings > Directory Services and enable Automatically revoke user tokens when wiping device.
  • VMware Product Improvement Program includes Self Service Portal
    The Self-Service Portal (SSP) is now included in VMware’s Product Improvement Program, which gives you the opportunity to impact the quality and effectiveness of our products. When enabled, this program tests only on SSP usability data, which is essential to ensuring our customers’ real-world needs are being met.
    You can opt in or opt out of the Product Improvement Program at any time by navigating to Groups & Settings > All Settings > Admin > Product Improvement Programs.
  • Configure the Purge Job scheduler to handle file storage blobs
    The existing purge process only considers the database for blobs. The Purge Job scheduler considers both file storage and CDN for purging. Configure the Purge Job scheduler by navigating to Groups & Settings > All Settings > Admin > Scheduler.
  • Enhanced security measures in the Self-Service Portal for all the token-based accounts
    Affecting only accounts that enroll with a token, the following security features are implemented in Self-Service Portal:
    • The Email Address and Phone Number fields is now made read-only on the Add Device and Account screens.
    • The Resend Enrollment Message basic action form features email address and phone number text boxes that are read-only.
    • The View Enrollment Message basic action is made unavailable.
  • Restrict enrollment to only token-registered devices
    UEM console now restricts enrollment to only token-registered devices.
    Enroll your devices with a token by navigating to Devices > Device Settings > Devices & Users > General > Enrollment and ensure that the Authentication tab is selected. Scroll down past the Getting Started section and select Registered Devices only as the Devices Enrollment Mode. A toggle labeled Require Registration Token appears. Enabling this option restricts enrollment to only token-registered devices.

Content Gateway

  • Choose Unified Access Gateway (UAG) as an installation type when configuring a Content Gateway node
    Administrators can now use Unified Access Gateway (UAG) as an installation type to configure a new Content Gateway on Unified Access Gateway or to migrate the existing Windows or Linux Content Gateway to Unified Access Gateway.
    You can now opt in to choose Unified Access Gateway (UAG) as an installation type when configuring a Content Gateway node by navigating to Groups & Settings > All Settings > Enterprise Integration > Content Gateway.

iOS

  • Check for the latest app updates
    Along with viewing the app status, type, name, version, and identifier in the Device Details Page for iOS devicesyou can now view the app updates. The app updates notify the user whether the installed version is the latest version or if an update is available
  • Find out if your app source is installed via App Store, distributed as a Beta app, signed adhoc by an enterprise account, or managed using a device based VPP license
    Along with viewing the app status, type, name, version, and identifier in the Device Details Page for iOS devicesyou can now view the app source. The app source notifies the user if the app is installed via App Store, distributed as a Beta app, signed adhoc by an enterprise account, or managed using a device based VPP license.
  • Configure new DEP skip settings for your iOS devices
    You can now configure three new DEP skip settings at the time of Apple Setup Assistant configuration
    Take advantage of this update by navigating to Groups & Settings > All Settings > Devices & Users > Apple >
    Device Enrollment Program
    and configure the Apple Setup Assistant workflow to Skip the following Setup Assistant options:
    • iMessage And FaceTime: Enable the skip setting to prevent the iMessage and FaceTime prompt during Setup Assistant.
    • Software Update: Enable the skip setting to prevent informing users about Software Updates during Setup Assistant.
    • Screen Time: Enable the skip setting to prevent informing users about Screen Time during Setup Assistant.
  • Request permission from the teacher to leave an unmanaged class in the Classroom app on iOS 11.3+ devices
    While creating Restrictions Profile for Education devices, you now have the ability to allow students who are a part of unmanaged classes in the classroom app to request permission from the teacher before leaving the classroom. 
    Take advantage of this update by navigating to Devices > Profiles & Resources > Profiles > Add. Select Apple iOS and configure the Classroom 2.0 Education Restrictions settings.
  • Ability to disable USB Restricted Mode on supervised devices
    Added a new security and privacy restriction in the iOS Restriction profile that prevents the iOS 11.4+ supervised device users to enter passcode to initially connect or remain connected to USB accessories while the device is locked.
    Disable USB Restricted Mode on supervised devices by navigating to Devices > Profiles & Resources > Profiles > Add, select Apple iOS and configure the Restrictions playload.
  • Configure the Minimum and Maximum TLS versions for the Wi-Fi networks
    While Configuring a Wi-Fi profile for iOS devices, you can now set the minimum and maximum TLS version for the VPN profile of IKEv2 type.
    Configure the Minimum and Maximum TLS versions by navigating to Devices > Profiles & Resources > Profiles > Add. Select Apple iOS and configure the Authentication details in the Wi-Fi settings.
  • Configure Bluetooth as one of the Managed Settings for iOS devices
    Along with Voice Roaming, Data Roaming, Personal Hotspot, you now enable Bluetooth as one of the settings under Managed Settings page in the UEM console. 
    Take advantage of this update by navigating to Devices > Device Settings > Devices & Users > Apple > Apple iOS > Managed Settings > Default Managed Settings.
  • Support for Remote View in Advanced Remote View management
    Administrators can now easily view an end user's device being managed by MDM from the UEM console integrated with Remote View management. Remote view provides a complete remote management suite with  the Remote View capabilities. 
    configure the Remote Management settings from the External Remote Management section.

macOS

  • Optionally disable enforced management of an application
    UEM console now has a new assignment flag called Desired State Management for macOS software distribution. The new flag provide the ability for IT to optionally disable enforced management of an application. Disabling this setting provide the flexibility to deploy applications as a part of one-time configuration and gives the end-users the liberty to uninstall the application locally if needed. 
    Optionally disable this setting by navigating to Apps & Books > Applications > Native > Internal and configure the Deployment settings.
  • Configure new DEP skip settings for your macOS devices
    You can now configure two new DEP skip settings at the time of Apple Setup Assistant configuration.
    Take advantage of this update by navigating to Groups & Settings > All Settings > Devices & Users > Apple >
    Device Enrollment Program
    and configure the Apple Setup Assistant workflow to Skip the following Setup Assistant options:
    • Choose Your Look:  Enable the skip setting to prevent the users from choosing the light or dark mode during Setup Assistant.
    • Display Tone: Enable the skip setting to prevent the Display Tone screen during Setup Assistant.
  • Allow access to all applications in the user context macOS SCEP payload
    Added an option to allow access to all the applications in the user context macOS SCEP payload. When the feature is enabled, all the applications on the device are granted access to the certificate keychain that is issued by the SCEP payload. Thus, the user is never prompted to enter the credentials for granting access to any application on the device.
    Take advantage of this update by navigating to Devices > Profiles & Resources > Profiles > Add > Add Profile and configure the SCEP playload. 
  • Choose to enable and disable Bluetooth command on macOS 10.13.4+ devices
    Device Details Action Button Cluster in the UEM console now includes Managed settings button that lets you enable or disable Bluetooth command. This is applicable only to macOS 10.13.4+ devices.
  • Reboot your macOS 10.13+ device remotely with the Reboot device action
    Device Details Action Button Cluster in the UEM console now has a Reboot Device button that allows you to reboot a device remotely.
  • Shut down your macOS 10.13+ device remotely with the Shut Down device action
    Device Details Action Button Cluster in the UEM console now has a Shut Down button which allows you to send command to shut down macOS devices remotely.
  • Configure the Minimum and Maximum TLS versions for Wi-Fi networks
    UEM console now has the ability to set the minimum and maximum TLS version for the Wi-Fi profile of TLS, TTLS, EAP-Fast, and PEAP protocol types. Take advantage of this update by navigating to Devices > Profiles & Resources > Profiles > Add. Select Apple iOS and configure the Authentication details in the Wi-Fi settings.

Mobile Application Management

  • Make asynchronous calls to VMware AirWatch Cloud Messaging with application publish
    During internal application publish, UEM console now makes asynchronous calls to AWCM so that the time taken for a batch of application installs to execute is not impacted by the performance of AWCM. The AWCM server picks the devices from a queue and sends notification.

Rugged

  • Configure a proxy server when you install a new Linux-based pull service
    UEM console now allows you to configure a proxy server when you install a new Linux-based pull service. You can supply the host name, port, username, and password at install time. If you want to configure a proxy server onto your existing pull service, you must reinstall the pull service using the new installer.
    Take advantage of this update by navigating to Groups & Settings > All Settings > System > Enterprise Integration > Pull Service Installers and follow the instructions prompted by the installer, including the optional configuration of a proxy server.
  • Avoid undue strain on the database and improve the flow of data during the product provisioning process
    UEM console has now enhanced the Product Provisioning Command Queue with the following features to improve the product provisioning process: 
    • A limit has been placed on the number and frequency of commands sent to devices, which in turn, limits the number of samples returned.
    • The default limit for the AirWatch Cloud Messenger (AWCM) outbound queue to devices has been enhanced with a first in/first out (FIFO) algorithm.
    • The policy engine has been enhanced with new logic that accounts for the number of records in such a way that it can reset its queue when needed.
    • Any user-initiated action during the provisioning process is fast-tracked immediately.
    • Navigate to Groups & Settings > All Settings > Installation > Performance Tuning and consult with support about making changes to the two new settings called Product Provisioning AWCM Throttle Rate and Product Provisioning Command Release Batch Size.​

Tunnel

  • Ability to remove the Public SSL certificate from the SSL Certificate Life Cycle Management
    If you have uploaded an incorrect public SSL certificate and wish to remove the certificate from the database, you now have an option to remove them from the UEM console. Take advantage of this update by navigating to Advanced tab under VMware Tunnel

Windows

  • View the OEM updates deployed to your Windows 10 devices in the OEM Updates list view
    Workspace ONE UEM now displays all the deployed OEM updates in the OEM Updates list view. This page allows you to filter the updates by the update type including audio driver, chipset driver, BIOS updates and more. To see these updates in the UEM console, navigate to Devices > Lifecycle > Updates and select the OEM Updates tab.
  • Reboot your Windows 10 devices remotely with the Reboot device action
    Device Details Action Button Cluster in the UEM console now has a Reboot Device button that allows you to reboot a device remotely.
  • New minimum intervals for the device samples
    The AirWatch Agent for Windows platform has been updated with new check-in interval minimum values. The minimum sample values start at 120 minutes.
    To set the new minimum intervals, navigate to All Settings > Devices & Users > Windows > Windows Desktop > Agent Settings.

Resolved Issues

  • AAPP-3417: Clear Activation Lock does not appear for some of the devices while performing the device wipe

  • AAPP-4874: Device Model Name in the Device List View screen shows inconsistent data formatting

  • AAPP-5007: Layer 2 Tunneling Protocol(L2TP) profile with Shared Secret <IPSec> is removed during console upgrade

  • AAPP-5162: Notify Devices action does not work as expected for some of the VPP apps

  • AAPP-5222: Initiating install from Purchased->Manage Devices->Install from filtered results in incorrect number of devices receiving the application installation request

  • AAPP-5283: Pre-registered Device Enrollment Program device does not retain asset number

  • AAPP-5309: Assignment or Removal of DEP profile from Lifecycle>Enrollment Status page throws an unauthorized error

  • AAPP-5322: VPP boxer does not honor application configuration priority on editing the assignment group

  • AAPP-5358: User Based License applications on iOS devices lose assignment and are removed on a device sync on upgrading to 9.4 UEM console.

  • AAPP-5372: mdm/devices/search api returns incorrect status for "IsActivationLockEnabled"

  • AAPP-5395: DEP profile's enrollment OG is not honored if the Staging Mode is set to None

  • AAPP-5429: Add Option is hidden under the On Demand Action dropdown for iOS VPN On Demand

  • AAPP-5590: Bootstrap package incorrectly pushes enrolled devices on device Sync

  • AAPP-5434: Supervised devices incorrectly changes Device Name to Friendly Name even if the Device name to Friendly Name setting is disabled

  • AAPP-5445: VPP Boxer assignment is not always correctly re-prioritized on deleting the higher priority assignments

  • AAPP-5485: User-group mapping fails to honor DEP enrollment if the token is generated from the UEM console

  • AAPP-5619: Device based VPP Boxer fails to receive account host and account name fields from the UEM console

  • AAPP-5640: OS Updates feature flag displays the macOS updates on turning off the feature flag in the device details page

  • AGGL-3144: Install status of a public application changes from installed to install if an internal app is installed on the Android For Work device

  • AGGL-3445: REST API to edit assignment fails to honor ApplicationSource key and breaks the Android For Work application

  • AGGL-3505: Device lock screen does not display custom message when a lock command with custom message is sent from the device list view page.

  • AGGL-3517: UEM console fails to retrieve Google Cloud Messaging Push notification

  • AGGL-3577: Adding android public applications does not work as expected after 9.4 update through installer and patch

  • AGGL-3621: API does not return the same information for Battery Level or Memory Use as shown in the Console

  • AGGL-3657: Push notification does not work as expected if the same application is configured at the Global and LG level

  • AGGL-3817: Symantec CA certificates deployment to Chrome OS fails

  • AMST-142: Device Lock Timeout from restriction profile does not work as expected

  • AMST-5637: Chrome and Firefox browsers are blocked from accessing internet after Data Protection Policy is installed on Windows 10 devices

  • AMST-7031: Windows updates in the UEM console incorrectly displays as GUIDs instead of metadata

  • AMST-7185: Online BSP apps fails to install through Workspace ONE UEM console on Windows 10 on x64 machines.

  • AMST-7227: Windows 10 Azure enrollment with ESXi host from UEM console does not work as expected

  • AMST-7229: UEM console fails to determine the processor architecture for the devices with two processors

  • AMST-7245: Online BSP license synchronization does not work as expected

  • AMST-7551: Windows 10 mobile devices fails to generate assigned access profile

  • AMST-8069: Windows 10 devices incorrectly shows that some of the internal apps as 'installing" on Workspace ONE app and also the UEM console incorrectly shows the apps as pending

  • AMST-8156: Windows metadata parsing fails due to incompatible data types

  • AMST-8382: MSI file fails to show the app as installed even when the app is successfully installed on the devices and the ADA registry shows isinstalled:true

  • AMST-8422: Windows updates fails on resetting the migration script

  • AMST-8444: Windows Feature packs and Windows Drivers are unable to complete auto-approve updates for devices based on the smart groups as the UpdateClassificationID is not set properly 

  • AMST-8478: api/mdm/devices/extensivesearch API does not return all the adapters MAC addresses 

  • AMST-8538: Windows 10 devices experiencing surface Hubs and Hololens enrollment failure 

  • AMST-8560: Bulk API returns incorrect EncryptionStatus value for Bitlocker encrypted devices

  • ARES-5059: App details  and the Images does not honor image size and number limitations

  • ARES-5281: Application deactivation followed by reactivation and dismissing App Removal Protection shows install command ready for device

  • ARES-5373: Uploading Internal applications through the link does not work as expected

  • ARES-5421: SDK tab is not displayed while uploading a new version through App Details> Add version

  • ARES-5577: Changes made to App Catalog Publishing tab fails to create commands for devices

  • ARES-5675: Excel sheet export in the app details page returns blank data 

  • ARES-5849: Engage App product incorrectly shows as "Failed", "Non-compliant", but can be found in the file browser and also successfully installs on the device

  • ARES-5850: Failed Schedule Deployment incorrectly triggers application removal

  • APC-1269: UEM console incorrectly prompts for the passcode creation on killing the Agent App

  • CMCM-183386: Any changes to look-up value fields used in user repository names and repository links as part of “Automatic Templates” is automatically resolved without admin intervention

  • CMCM-187565: Content Locker Badge count updating incorrectly

  • CMCM-187825: Managed content installed status is displayed incorrect on the console and selecting the number of devices throws an error

  • CMCM-187826: Device Details Summary view fails to load in the UEM Console and Self-Service Portal

  • CMCM-187854: Manual template added is not visible the in the Self-Service Portal myRepositories page if multiple links are added

  • CMEM-184764: Boxer assignment change fails to trigger the PS Set-CasMailbox command if the second assignment priority is promoted

  • CMSVC-6651: Intermittently Device Info API does not return any device record  but the status on console and the database shows device as enrolled

  • CMSVC-6678: iOS devices display inconsistent enrollment restrictions based on the order of the rules

  • CMSVC-6725: Enterprise wiping a device does not work as expected

  • CMSVC-6769: Accounts Report contains invalid extra space in the export for User custom attribute

  • CMSVC-6959: Whitelisted platform is blocked from enrolling and does not honor OG whitelist restriction policy

  • CMSVC-7008: iOS devices do not honor compliance status change

  • CMSVC-7113: Android Rugged devices displays incorrect device information under Device Details view

  • CMSVC-7293: Public Apps API request throws an error if the data truncation is encrypted in the user info

  • CRSVC-907: Network Device Enrollment Service(NDES) test connection fails, when using Static Challenge

  • CRSVC-3137: Mitigate iFrame injection vulnerability in the API Help Page

  • CRSVC-3265: Captcha not Enforced in Console Account Recovery Flow

  • CRSVC-3267: : Unable to pull Device Info through CISCO ISE APIs when using LAN MAC Addresses

  • CRSVC-3329: VMware Enterprise Systems Connector installer link missing

  • CRSVC-3330: Self-Service Portal does not load when leveraging localized date formats

  • CRSVC-3377: Database performance issues under heavy certificate usage

  • ENRL-238:  The authentication page on the container does not load on upgrading to 9.5 UEM console

  • ENRL-250: Enrollment Status page throws exception if the data encryption is enabled for the users

  • ENRL-276: Terms of Use Status is displayed as not accepted when the device user who has end user license agreement accepted is unenrolled

  • ENRL-280: Device registration page from lifecycle enrollment screen fails to open if the group id is removed

  • FBI-177603: Call log verbose history report shows incorrect call time by adding time zone difference

  • FBI-177824: Application Details by Device Report shows incorrect data

  • FBI-177866: Application Details by Device Report fails to return correct number of devices

  • FBI-177872: Devices with Application and User Details Report does not show all the versions of an internal application

  • FBI-177970: Device Usage Detail Report fails to retrieve information in the Data usage (MB) column

  • FBI-177971: Devices with application and user details Report displays "Try Again" or shows "Complete" with an empty report

  • FBI-177992: Devices with Application and user details report does not honor the privacy rule settings

  • FCA-184656: Blacklisted apps report does not retrieve any record even though the enrolled device has the blacklisted apps defined in a Blacklisted App group

  • FCA-185926: Self -Service Portal login fails if the password contains "<" that is followed by any character

  • FCA-186426: Saving Admin Account setting fails on admin accounts with custom role if the "APNs" resource is disabled

  • FCA-186463: Self-Service Portal does not display company logo

  • FCA-186531: SSP landing page calls sp interrogator.ComplianceSummary_Select  to calculate if device is storage encrypted

  • FCA-186805: Self Service Portal fails to authenticate after Microsoft Patch update KB4089187 or subsequent patches

  • FCA-186811: Character validation of the friendly name differs in the settings page and edit device page

  • FDB-1790: Database scrub using the inbuilt stored procedure in the AirWatch database 'Maintenance.ScrubDB' does not work as expected

  • FDB-1814: Admin_LocationGroupDelete sproc encounters FK error when the organization that contains video is deleted

  • FDB-1817:  Self-Service Portal shows duplicate device entries

  • FDB-1822: iOS_BulkProfileCommand sproc results in timeout error

  • FDB-1826: Profile publish fails due to deviceProfile.DeviceProfile_ListDevicesByProfileID_NeedUpdate time out

  • FDB-1827: deviceapplication.Application_LoadActionsById Sproc experiencing time out error

  • FDB-1840: The Admin_LocationGroupDelete sproc results in a FK error, if an organization is deleted

  • FDB-1843: Device List View search does not work as expected on using the management type filters

  • FDB-1855: UEM console takes a longer time to load while accessing the Application detailed view from App & books > Application > Native > Internal 

  • FDB-1903: Customer type OG deletion fails with FK error on the FK_Certificate_CertificateTemplateID 

  • INTEL-3601: Custom Report does not return any data on setting the filter operator as 'Includes' with a custom value

  • PPAT-3338: VMware Tunnel configuration page displays VPNServerSSLCertificateMissingError 

  • PPAT-3424: Server Traffic Rules proxy password incorrectly reverts to password if you add in a proxy with authentication details, navigate away from the page or reload the page, and then edit, save & publish the settings

  • RUGG-3853: Jobs change of state or deletion results in non terminal state on changing the OG or assignment

  • RUGG-3861: Product set or item is stuck in the policy engine queue and fails to process if the policy engine encounters sql server timeout or any exception error

  • RUGG-4576: Product profiles allows duplicate assignment groups creation for the same OG

  • RUGG-4723: File/Action upload in the UEM console using IE browser does not work as expected an throws a error

  • RUGG-4784: ActivatePolicy or Process Device fails to look at the last job status for Policy Engine

  • RUGG-4939: Wallpaper and Title Bar Icon values are missing in the copy of the Launcher profile

  • RUGG-4998: Name section on the Secure Launcher canvas limits the usage of special characters on upgrading to 9.4 console

  • SINST-174851: Tunnel proxy installation with Kerberos fails as the VMwareKerberosProxy service fails to start due to missing libraries

  • SINST-174879: VMware Enterprise Systems Connector throws incorrect message during VMware Identity Manager connector upgrade

Known Issues

  • AAPP-5500: Edited app deployment parameters is not sent to the deployed macOS software distribution packages

    On editing a macOS software package and modifying the existing app, deployment parameters command is not queued. 

    To overcome the issue, re-install the application to install the modified application deployment parameters.

  • AAPP-5537: Remove application command is queued when a macOS device re-enrolls immediately after a software package installation

    Remove application command is queued when a macOS device re-enrolls immediately after a software package installation. The re-enrollment issue occurs if a device un-enrolls immediately after the application installs successfully.

    To overcome the issue, it is recommended not to re-enroll the device immediately after the app installation.

  • AAPP-5669: Devices that are enrolled via DEP do not come out of await configuration as the device configured command is removed

    When a device is configured to auto-check-out to an end-user, all the commands that are queued on the enrollment are removed before it is processed.

    To overcome the issue, administrators can manually send the Device Configured command from the device details or disable await configuration for the affected DEP profiles and reassign the profile to all devices. However, the second workaround works only if the devices are not connected to Wi-Fi from the setup assistant.

  • AAPP-5676: Carts cannot be added to the Apple Education page from a child OG.

    Education page is not displayed in the sidebar for a child OG.

    To overcome the issue, navigate to Hub > Education > Cart List at the OG where Education is configured, and then navigate to the child OG.

  • AGGL-3738: Register Enterprise FOTA restriction is displayed in the restriction profile UI even if the Firmware Over The Air (EFOTA) is not configured

    Register Enterprise FOTA restriction should be displayed in the restriction profile only if the EFOTA is configured for the OG.

    To overcome the issue, clear the Register Enterprise FOTA in the restriction profile if EFOTA is not configured.

  • AGGL-3768: Huawei service application is not pushed from the UEM console

    Huawei service is not pushed from the UEM console during enrollment.

    To overcome the issue you can push Huawei service application either during enrollment via google play, or it can be pushed as an internal app post enrollment.

  • AGGL-3784​: Users are unable to search for public applications (non-AFW) through the UEM console.

    When searching for Android public application the search gives an error message that displays "An error has occurred. This error has automatically been saved for further analysis. Please contact technical support."

    There is no known workaround at this point.

  • AGGL-3860: In a new OG Post environment migration, agent settings specific to Knox Play for Work that was not received are not sent to the device and AFW is not configured in the Knox container.

    In a new OG post environment, Knox Play for Work enrolled device fails to receive the agent settings and AFW is not configured in the Knox container.

    There is no known workaround at this point.

  • AAGNT-184174: Android P enrolled device OS version displayed as "0.0.0".

    When enrolling an Android P enrolled device the OS version is being displayed as "0.0.0." instead of "9.0.0.".

    There is no known workaround at this point.

  • ARES-5637: Running Deprecated Bypass Application details by device report does not work as expected

    Deprecated Application Details by Device report throws an error in the Global OG.

    There is no known workaround at this point.

  • ARES-5760: Publishing application for 37K devices results in List view error

    Performance issue when publishing application for large number of devices.

    There is no known workaround at this point.

  • ARES-6096: Changing Profile deployment option from Optional to Auto, incorrectly changes the profile removal option

    Changing Profile from Optional to Auto, changes the Profile removal from NEVER to ALWAYS. 

    There is no known workaround at this point.

  • AMST-8010: License count shows as zero for P2P

    When a new server version (v. 757) is seeded but not yet upgraded the license count shows as zero on the server.

    To overcome the issue, upgrade Adaptiva server v.757 and save the p2p settings on the console.

  • AMST-8106: Agent gets uninstalled if there bad response from the server

    When the database is offline and the memcache is enabled, the agent gets uninstalled on synchronization.

    To overcome the issue, do not take the database offline or use memcache.

  • AMST-8534: Application is not deleted if the compliance policy blocks application by app ID

    When a compliance rule is set to block or remove applications and a device is out of compliance then the application is not removed from the device.

    To overcome the issue, use Block/Remove Managed App rule, instead of using a specific application rule.

  • AMST-8642: Software Distribution client is not updated as installed on the first app sample

    The selective app list sample does not update the status of the Software Distribution client on the device details applications page.

    To overcome the issue, manually query the application list sample from the device details page and the status updates immediately if not the status does not update until the first scheduled application list sample.

  • AMST-8643: Workspace one application shows incorrect install status

    When using the Workspace ONE application from the Business Store Portal and uploading it as an internal application, incorrect install status is displayed in the device details apps page on the UEM console.

    Use Business Store Portal online or offline to push the application to the device.

  • AMST-8794: SCEP cert fails to land on the device

    When using SCEP payload the profile displays as installed but the certificate is not landing on the device.

    There is no known workaround at this point.

  • CMSVC-7455: View and Merge shows restriction message

    View and Merge shows restriction message for admin group when created at child OG.

    There is no known workaround at this point.

  • CRSVC-3589: Device Friendly Name display as NA in the Syslog server

    Syslog configuration in the UEM Console supports the configuration of the message content which should be delivered to the Syslog server. In the Message content configuration one can also specify the device friendly name as the look up value so that this value gets replaced when the syslog message is constructed by the event framework to be send to Syslog server. 
    For all the console events, since the device-friendly name does not apply, it is shown as “N/A” in the Syslog server.

    As a workaround, do not use device friendly name for identifying the device. The device friendly name is a dynamic value that can change over time and may lead to inconsistent logging.

  • ENRL-319: Using email address for checking out a device in case of single staged user prevents you from going past the Terms of Use screen after accepting the EULA.

    Using email address for checking out a device in case of single staged user prevents you from getting past the Terms of Use screen after authenticating with UPN (SUS) on Single-Standard Login screen.

    To overcome the issue, either disable the EULA or avoid using email address to login on single-standard checkout screen.

  • FCA-186939: Device activation email does not show expected expiration timestamp for token-based device enrollment

    Token-based enrollment can have an expiration period of 24 or 48 hours. Device activation email notifies the users about the token expiration date. However, the expiration time does not match the expected time based on token-based device enrollment

    There is no known workaround at this point.

  • FCA-187015: SSO from vIDM portal fails

    The SSO connection between vIDM and WSO fails when accessing the App Catalog through a web application link.

    There is no known workaround at this point.

  • FCA-187023: Device Search API documentation shows wrong parameter name for the compliance status search 

    The parameter name for searching by compliance status is displayed as compliantstatus  instead of compliancestatus.

    Use "compliancestatus" parameter for searching devices by compliance status.

  • FCA-187029: Username is not legible on the SaaS app assignment modal

    When you search for the users to assign SaaS apps, the username results are not legible due to the highlight background color.

    You can read the name clearly when you do not hover over the desired name.

  • HW-87326: SaaS application addition using WSfed1.2 does not work as expected

    Adding SaaS application using WSfed1.2 is blocked from WS1 UEM console

    There is no known workaround at this point.

  • HW-87881:SaaS application edit & copy does not work as expected

    SaaS application edit and copy is blocked from WS1 UEM console.

    There is no known workaround at this point.

  • RUGG-5243: Create Manifest for file and actions displays FileSync Upload and FileSync ​

    FileSync Upload and the FileSync download options are getting listed under the File Action Manifest for all platforms 

    It is recommended that you do not use these options as these features are not complete for the 9.6 Release.