Learn about new features and the enhancements made in each of the productivity apps, related products, and the Workspace ONE UEM console releases. Get quick access to the UEM console change log, interoperability matrix, and our important end of support announcements.

Workspace ONE UEM console Release Notes

By allowing gradual rollout of our software initially into the Shared SaaS environments, SaaS Ops together with Engineering is able to monitor the success of the updates prior to making the software generally available to on-premises customers. On-premises components will be made available to our customers within a few weeks after our SaaS release.

Want to see our latest SaaS and On-Prem documentation? Look at VMware Workspace ONE UEM Console Documentation.

Went live on February 26, 2020. To view full release notes with resolved issues and known issues, see 2102 Release Notes

Android

  • We've made enhancements to the UEM console to enable the clear passcode capability using Direct Boot.
    Apps do not run during the Direct Boot mode by default, which is when the device has been powered on, but the user has not unlocked the device. We've made some modifications in the UEM Console that allow you to send a clear passcode command with Workspace ONE Intelligent Hub for Android while the devices are in the Direct Boot mode. Direct Boot is only available on Android 7.0 and above devices that support a specific type of file-based encryption. For more information, see Android Device Management.
  • We have introduced a native experience for using your Android devices as shared devices. Native Android using Check-In Check-Out for shared devices supports simpler use cases that do not require as much customization as Launcher. You can create secondary users, use simple branding, implement restrictions, and limit applications. For more information, see Configure Shared Android Devices for your Shift Workers.

Chrome OS

  • Let multiple users securely share the same device within your organization.
    With Managed Guest Sessions, you can now use your devices as shared devices among multiple users within the organization. It enables Chromebook to log in and out as a shared user, encouraging different users to securely share the same device for web browsing, inventory lookup, job applications, or school exams. Shared users have limited access to the device and data cannot be shared between sessions. For more information, see the Kiosk section of Chrome OS Profile Management

Freestyle

  • Technical Preview: Schedule Resource Installs At Your Convenience.
    The time it takes to update devices with downloadable content such as apps can be lengthy and the device's performance during this time is often poor, to say the least. The Time Window feature allows you to schedule those updates outside of peak work hours, using the device's local time. You no longer have to choose between keeping your device up to date and being productive.
    Note: Time Windows can be applied only on Freestyle Workflows. Technical preview features are not fully tested and some functionality might not work as expected. However, these previews help Workspace ONE UEM improve current functionality and develop future enhancements. For more information, see Technical Preview: Make a Time Window and Assign it to Devices

iOS

  • Purchase and deploy public apps to your managed tvOS devices.
    You can now sync, assign, and deploy tvOS app licenses in the Workspace ONE UEM console. All settings which are available for iOS apps, including installation, configuration, update, and deletion, are now also applicable to the deployment of public apps. For detailed information, see Public Application Management (tvOS).
  • Would you like to check which time zone is set on your Apple devices to evaluate any changes? You can now monitor the time zone of your Apple devices in the UEM console. 
    We let you track the time zone reported by the iOS, macOS, and tvOS devices in the Workspace ONE UEM console under Device Details.

Windows

  • Use the Autopilot integration in Workspace ONE UEM to deploy domain join for both cloud and on-premises users. 
    We've now integrated Microsoft Autopilot with Workspace ONE UEM to support Hybrid Domain Join. With the new integration, you can combine the on-premises domain join process in Workspace ONE UEM with your Autopilot device configurations that are set in Azure. For details on how to set up this integration, see Integration with Microsoft Autopilot

  • Get email and console notifications when a new version of an existing app in your catalog becomes available.
    You can now simply click "add application" from the console notification and it automatically takes you through the steps to update and distribute the new version of your application. You can also enable notifications for the existing EAR apps by editing them from your Apps and Books section. For more information, see Upload and Configure Win32 Files for Software Distribution.

Went live on January 22, 2021. To view full release notes with resolved issues and known issues, see 2101 Release Notes

Console

  • We've made a few changes to Intune App Protection Policy.
    Workspace ONE UEM now notifies you if the Intune App Protection policy has been deleted or modified. You will be notified upon the launch of the Microsoft Intune App Protection Policy in Workspace ONE UEM console.

Integrate with Azure AD Conditional Access Policies

Android

  • Would you like to know how much storage is available on the devices being managed by the UEM console?
    The Device Details summary page now reports the internal storage and external storage for the enrolled devices. This is supported for devices enrolled as Fully Managed Mode. For more information, see Android Device Management.

iOS

  • We're working on building a more-inclusive digital workspace.
    As part of our efforts around inclusion, we’re taking a close look to ensure we’re using a more inclusive language. We’re undergoing a process to review terms and replace some of those problematic terms with an alternative. You'll notice some of the terminology updates in our user interface.

Application Management

  • A better way to update and manage your new application versions.
    Your internal application version number can now have a 4th decimal field which makes it easier for you to upload new application versions. Also, we've made a few UI updates. The Actual Version is now called the App Version and the Internal Version is now called the UEM version. For more information, see Internal Application Versions.

Content Management

  • We've disabled syncing with the Corporate File Server.
    The overload on the Device Services server and the database caused by the constant auto-syncing of the Corporate File Server often causes performance issues. To reduce the overload, you can now disable the auto-sync of the corporate repositories on the Settings > Content > Advanced > Corporate File Servers page of the UEM console. You can also disable viewing of the corporate file server content displayed on the Content > List View page.
  • We've bid farewell to Personal Content.
    As Personal Content has reached the End of General Support, we have removed the obsolete code for all configurations related to Personal Content.

Rugged

  • Prioritize selected products and move them to the "front of the line".
    You can prioritize selected products, moving them to the "front of the line" and upload them to relay servers ahead of other products. This means prioritized products are installed on devices before non-prioritized products. This is useful for when you have an important update that must find its way to devices ASAP, such as a bug fix to a critical business app, security patches and OS updates, rollbacks of accidental deployments, and many other scenarios. For more information, see the Deployment tab of Create a Product.

Windows

  • Check out the updated Encryption Profile with enhanced support for native BitLocker encryption for Windows Desktop.
    We have updated our support for BitLocker to include the escrowing of recovery keys. If the drives cannot restart on your Windows 10 devices, Workspace ONE UEM has a recovery key for each drive. You can allow users to set PINs with more than numbers with the Allow Enhanced PIN at Startup setting. Users can set uppercase and lowercase letters, use symbols, numbers, and spaces. Note: Not all systems support non-numeric characters at startup, so please test carefully in your environment. We have also added more BitLocker statuses to the Device Details pages. Find statuses for Encrypted, Encryption in Progress, Suspended, and Partially Protected. These statuses correspond to rules in compliance policies so that you can configure policies to support the BitLocker encryption status you want to enforce. For more information, see Encryption Profile.
  • Use Workspace ONE UEM to join your On-premises domain during enrollment.
    You can now enable Workspace ONE UEM to create computer objects in your On-premises Active Directory and deliver the domain join configuration to your Windows devices, orchestrating the full provisioning process as part of enrollment. Leverage this feature with VMware Tunnel to deliver a fully ready-to-work, domain-joined Windows device directly to your remote end-users, allowing them to login directly to their fully configured desktop using their domain credentials and get productive in a matter of minutes. For more information, see Domain Join Configuration for Windows Desktop.

Went live on January 15, 2021. To view full release notes with resolved issues and known issues, see 2011 Release Notes

Console

  • Are you a new customer opting into Hub Services or Workspace ONE Access from UEM? You'll no longer see the VMware Terms of Service if you've already accepted the Terms of service in the UEM Console.
  • Update the Outbound Proxy Tooltip content to include restarting of all AirWatch services.
    When saving the global proxy setting, all AirWatch services make outbound requests depending on the initiated flow. As a result, we updated the tooltip content to include restarting of all AirWatch services.

Chrome OS

  • Configure certificates with or without a wi-fi network.
    We have updated the profiles to split the certificates section of the Network profile into a new Credentials profile. After upgrade, all existing certificates are migrated to the Credentials profile and you can configure certificates with or without a wi-fi network. Want to know more? See Configure Credentials profile.
  • More easily migrate Chrome EMM Registration between consoles.
    To support migrating your Chrome EMM Registration from one environment to another, when you clear Chrome settings in the UEM console, all Chrome OS device records are cleared out, all Certificates pushed to Chrome users and/or devices from the console are revoked, and the UEM Extension is removed from devices. Want to know more? See Setup Chrome OS Configuration Settings.

Android

  • Did you know there have been changes to Android management using device administrator (Android Legacy)?
    We have updated the UEM console to make Android enterprise the default deployment model for Android devices, and the legacy Android management model (also known as device administrator) will be accessible by exception. Android enterprise is custom-tailored for bring-your-own-device (BYOD), corporate-owned, and dedicated device modes, each with unique management controls and user experiences. For more information about this change, see Upcoming Changes to Android Management Using Device Administrator (Android Legacy).

iOS

  • Monitor, logout, and delete the users on your Shared iPads.
    Admins with Shared iPads for Business can now track the users that exist on their devices, as well as force these users to log out or even delete them. Want to know more? See Monitor, Logout, and Delete a User.
  • Improve your device update experience by skipping some or all screens on iOS 14 and macOS Big Sur 11.0 devices.
    You can now deploy a Skip Setup Assistant payload and choose to skip the setup screens after an OS update. For more information, see Configure a Setup Assistant Profile.

macOS

  • macOS 11 Big Sur updates to Bootstrap Token.
    Bootstrap Token has been enhanced to support macOS Big Sur. Bootstrap Token escrow status details can now be retrieved with Console APIs for Device Information, and Event Logs now display Bootstrap Token removals. For more information, see MDM Bootstrap Token.
  • macOS SSO Extension profile in User context.
    Starting from macOS Big Sur, admins can now create the SSO Extension profile in either device or user context based on deployment needs. Want to know more? See Configure an SSO Extension Profile.

Application Management

  • Sort your internal apps by the date-time they were created and filter them by the source they were added from.
    We've added two new columns to the internal app list view page. The CreatedOn column lets you sort the apps based on the app creation timestamp and the Source column lets you filter apps based on the application source.

Content Management

  • We've automated repository addition for you through APIs.
    You can now add repositories using APIs instead of adding repositories manually on the UEM console.
  • We've announced end of support for the Personal Content portion of the Workspace ONE Content solution.
    End of General Support for VMware Workspace ONE Personal Content. Want to know more? See End of support announcement.

Tunnel

  • Explicit Security with NSX-T.
    Tunnel NSX integration now supports NSX-T. With this, you can specify explicit paths between your apps on devices and services in your data center. For more information, see Integrating VMware Tunnel with NSX.
  • Smart Groups for Device Traffic Rules.
    Looking to enforce Zero Trust policies for application access? You can now create multiple policies for Device Traffic Rules and assign them to individual profiles, helping you achieve least-privilege based access policies. For more information, see Create Device Traffic Rules.

Went live on October 14, 2020. To view full release notes with resolved issues and known issues, see 2010 Release Notes

Documentation

  • Have you seen our new in-page Navigation interface? If not yet, see VMware Workspace ONE UEM Console Documentation.
    We’ve heard your feedback that the traditional nested table of contents (TOC) structure is difficult to use. Starting 2008, you can search and discover content by using our new navigation homepage that is organized according to how you use the product.

    Don't forget, we've removed release-based versioning in our left navigation sidebar. If you are looking for Cloud content, you can select services from the version selector drop-down menu. If you are looking for on-premises documentation, choose the version of Workspace ONE UEM you want to learn about when you land on our content on the VMware Docs site.

     

    Take a look at our new navigation homepage and tell us what you think. To leave feedback, go to Workspace ONE UEM Console Documentation, jump to the bottom of our feedback section, and tell us what you like about the new experience.

Credential Escrow Gateway

  • Faster Windows 10 certificate delivery for escrowed SMIME certificates.
    Moving to an event driven model to notify UEM when certificates are uploaded to the Credential Escrow Gateway greatly enhances the speed with which we can deliver escrowed certificates to Windows 10 devices.
    Note: Any certificates uploaded to Escrow Gateway (EG) prior to version 1.2 are no longer compatible. After you have migrated Redis data to EG 1.2+, upload the certificates again using either a v1 or v2 endpoint to be retained for the entire length of your configured retention period.

Freestyle Orchestrator (Preview)

  • Introducing Freestyle Orchestrator (Preview).
    Freestyle Orchestrator is a low-code IT orchestration platform that gives you the flexibility to create workflows for resources such as apps, profiles, and scripts and apply them to devices based on granular criteria. This functionality lets customers define complex onboarding workflows and go through multi-step processes like upgrading BitLocker with a one-time setup, and it can additionally be used to target devices based on any device-related criteria. Want to know more? See What is Freestyle Orchestrator.

Android

  • View the "Last Reboot" timestamp in the UEM console under Device Details.
    Would you like to know the last reboot time of your devices as you are troubleshooting or viewing device details? You can now view the "Last Reboot" timestamp in the UEM console under Device Details. For more information, see Device Details.
  • Distribute Applications for closed testing.
    In the UEM console, you can now test and deploy custom internal test tracks of the application before releasing the production version. For more information, see Deploy Private Applications to a Testing Track.

iOS

  • Force log out users of Shared iPads for Business.
    You can now forcefully log out the current user of a Shared iPad to return it to the main lock screen. This allows a new user to pick up and begin using the device. For more information, see Manually Log Out a User.
  • Prevent your Apple devices from randomizing their MAC address.
    iOS 14 brings you a new privacy feature where the MAC address of devices connecting to Wi-Fi will be randomized instead of showing the true hardware MAC address. With Workspace ONE UEM, this can be prevented for targeted Wi-Fi networks.
  • Prevent users from removing any managed iOS applications.
    You can now set any managed apps on iOS 14 devices to be unremovable by users.
  • Set specific domains to be included or excluded in VPN configurations.
    In iOS 14 per-app VPN configurations can set specific domains and subdomains to leverage or avoid the VPN for connections.
  • Deploy your APNs traffic through an HTTP proxy.
    If you are leveraging an HTTP proxy for your Workspace ONE UEM environment, you can choose to send all traffic through the proxy for outbound APNs.

macOS

  • Defer software updates on macOS Big Sur.
    Previously, macOS devices could only defer major OS software updates. In macOS Big Sur, admins can now defer non-OS software updates on macOS devices.
  • Prevent your Apple devices from randomizing their MAC address.
    macOS 11 Big Sur brings you a new privacy feature where the MAC address of devices connecting to Wi-Fi will be randomized instead of showing the true hardware MAC address. With Workspace ONE UEM, this can be prevented for targeted Wi-Fi networks.
  • Set specific domains to be included or excluded in VPN configurations.
    In macOS Big Sur per-app VPN configurations can set specific domains and subdomains to leverage or avoid the VPN for connections.

Windows

  • Make your software deployments easier and more flexible when the installation complete criteria changes.
    You can now edit the When to Call Installation Complete criteria for Windows app deployments. For more information, see Configure Win32 Files for Software Distribution.
  • We've removed support for Windows Phone devices in the Workspace ONE UEM console.
    Windows Phone devices are no longer available in the Workspace ONE UEM console as of the Workspace ONE UEM 2010 release. You will not be able to manage, wipe, or reset the devices from the console. To remove any device management, initiate removal of our Work Account or factory reset the device. For more information, see our KB article on Windows Phone Management will be removed from Workspace ONE 2010.
  • Check out the Technical Preview for Workspace ONE Drop Ship Provisioning (Online).
    Workspace ONE Drop Ship Provisioning for OTA eliminates the need to create and share PPKGs with your hardware manufacturer. Simply assign your payloads to a tag in the Workspace ONE UEM console, and then place an order with your Windows 10 hardware manufacturer using that Workspace ONE UEM tag. Technical preview features are not fully tested and some functionality might not work as expected. However, these previews help Workspace ONE UEM improve current functionality and develop future enhancements. For more information, see our KB article on Technical Preview: Workspace ONE Drop Ship Provisioning for OTA.

Application Management

  • Block access to your Workspace ONE SDK apps when the apps are not managed by EMM on your end-user devices.
    While configuring the app assignment, if you set the EMM Managed Access flag as 'needs EMM management', then the SDK app tries to access the EMM managed app config on the device. If the app is unable to access this information, it indicates that the app is unmanaged and the access to it is blocked. For more information, see Add Assignments and Exclusions to your Applications.

Content Management

  • As part of our efforts around inclusion, we replaced a few offensive terms.
    We’ve implemented a process to evaluate and adopt alternatives for potentially offensive terms in Mobile Content Management console pages.

Email Management

  • The SEG custom settings are now available as key-value pairs in the Workspace ONE UEM console.
    You can now configure the SEG custom settings as key-value pairs in the Workspace ONE UEM console. The commonly used properties are seeded in the Workspace ONE UEM Console. For more information, see SEG Custom Gateway Settings.

Integrate Directory Services

Rugged

  • Queue Content to Relay Servers without assigning your devices.
    You can now add content to push and pull relay servers (including Relay Server Cloud Connectors) without requiring those servers to have devices enrolled in its associated organization group. This means you can get all the apps and content staged before devices are even enrolled. For more information, see Publish Product to Relay Server.

Scripts and Sensors

  • Use Scripts to automate endpoint configurations.
    Use the new Scripts feature for macOS and Windows Desktop devices to send code to devices to run processes. For example, push a script to macOS devices to reset printer configurations or push a script to Windows Desktop devices to remind users to reboot their machines. To keep sensitive data in your scripts safe, Workspace ONE UEM includes variables to obfuscate information such as email passwords and session tokens. If you integrate your Workspace ONE Intelligent Hub with Scripts, your device users can access these useful scripts any time they want. Scripts display in the Apps section of the Hub catalog. For information about Scripts for Windows Desktop, access Automate Endpoint Configurations with Scripts for Windows Desktop Devices. For details about Scripts on macOS, see Automate Endpoint Configurations with Scripts for macOS Devices
  • Find Sensors in its new place in the navigation and check out the updates.
    We've moved Sensors under Resources so that you can find it more easily. And now, not only can you use Sensors with Windows Desktop, we've added support for macOS. Use scripts in your Sensors to collect all kinds of data that you can view for a single device in that device's Device Details page, on the Sensors tab. This new tab removes the need to use the VMware Workspace ONE Intelligence service. But don't worry, if you do use Intelligence, you can continue to enjoy viewing and interacting with data for multiple devices with reports and dashboards. For more information, see Collect Data with Sensors for Windows Desktop Devices. For details about Sensors for macOS, see Collect Data with Sensors for macOS Devices.

Went live on September 15, 2020. To view full release notes with resolved issues and known issues, see 2008 Release Notes

Documentation

  • Welcome the new navigation homepage that helps get you where you want to go.
    We are launching a new navigation homepage that speeds your documentation discovery. The page shows you what’s available in our documentation portal, sets you in the right direction, and helps you get started. We've grouped our documentation into logical buckets to help narrow down what you are looking for. Like to explore? See VMware Workspace ONE UEM Documentation.

iOS

  • Skip the latest iOS 14 and macOS Big Sur onboarding screens.
    You can now skip the latest Setup Assistant screens such as Accessibility, Update Complete, and Restore Complete screens.
  • Prevent users from accepting App Clips.
    You can now prevent iOS 14 devices from viewing a new feature called App Clips where a user can view and interact with a small portion of a larger app binary without downloading the full app itself.
  • Override existing passwords while configuring native mail.
    In iOS 14, you can now choose to override a previous password on a device when installing an Exchange ActiveSync email profile.
  • Control your app notification previews in iOS 14.
    If an installed app receives push notifications that are displayed to the user, admins can prevent the content of the notification from being displayed when the device is locked, or at all times.

macOS

  • Onboard your macOS devices with true zero-touch.
    You can now simply plug your new Mac computers into Ethernet and power them on. With Auto Advance configured in Workspace ONE UEM, macOS devices are onboarded automatically, skipping all required screens with no user interaction.

Android

  • Detect and monitor network activity on your corporate owned devices.
    You can enable Network Logging for Android devices deployed through Work Managed enrollment. When active, Android records DNS requests and network connections from apps to a log file for the specified duration via the Request Device Log command. This option is only available for Work managed devices running Android 8 and higher.

Application Management

  • Configure Workspace ONE Boxer to support multiple managed accounts.
    You can now use the Boxer application to manage your multiple email accounts assigned with different settings. This capability comes with Boxer version 5.21 or later and requires SSO activation.

Content Management

  • Don't be surprised if the "Use Legacy Settings and Policies configuration" is not seen in the Content Legacy Settings.
    To avoid conflicts between the Content Legacy configuration settings and the other SDK settings, the Use Legacy Settings and Policies configuration setting under System Settings > Content > Applications > Workspace ONE Content App has been deprecated. The assigned SDK profile will now be the supported mechanism for delivering the DLP policies to the Workspace ONE Content app. For more information, see Configure VMware Workspace ONE Content.

Rugged

  • Workspace ONE Launcher now shows you the install status only if it's relevant for the device record.
    We've made some user interface changes to Workspace ONE UEM Launcher. You will now only be able to see the install status of Launcher in the Workspace ONE UEM console Device Details if the device is assigned to a multi-user staging user or the Launcher profile is assigned to a device. For more information, see Workspace ONE Launcher Status.
  • We've added string comparison support to Product Provisioning.
    When making an assignment rule, comparisons using the less than (<) and greater than (>) operators (and their variants) continue to only be applicable to comparisons of strictly numerical values. The new exception is when you are comparing OEM build versions, you can apply < and > operators on non-numerical ASCII strings. An example is when an OEM update filename includes hyphens, periods, and other characters together with numbers. Such assignment rules must identify a device manufacturer in the rule logic and that comparison is deemed accurate when the format on the device matches the one specified on the server.

Tunnel

  • SDK Tunneling now supports 3rd party Certificate Authorities for Client Auth.
    Tunneling with the Workspace ONE Web app or any other apps you may build with the Tunnel component in SDK natively supports the secure SCEP CA integrated into your UEM services. Now we also support your other certificate authorities for use with Tunnel. For details about embedded tunneling with Workspace ONE Web, see AirWatch App Tunnel.
  • Reach internal SMB domains from Files on iOS through the Workspace ONE Tunnel app.
    You can now access internal SMB file shares through the Files app on iOS. The app is already seeded and available for configuration through the Device Traffic Rules on the Tunnel Configuration page. For details about configuring both mobile and desktops for app-tunneling rules, see Create Device Traffic Rules.

Went live on July 20, 2020. To view full release notes with resolved issues and known issues, see 2007 Release Notes

Android

  • Turn off secure start-up when you're setting a PIN for your Android devices.
    We've added a new field to the Passcode profile which allows you to disable secure startup for users when they are setting up a PIN on Android devices. When disabled, users are not prompted for a PIN to reboot the device, and devices can still be used as shared devices without any problems. This feature also supports the Android and iOS Boxer clients. For more information, see Enforce Passcode Settings.

iOS

  • Sharing iPads for line of business and other enterprise uses got more secure.
    Workspace ONE UEM now offers the ability to deploy Shared iPads for Business. Any compatible device enrolled via Apple Business Manager can now be deployed as a Shared iPad and create unique data partitions using their Managed Apple ID or a Temporary Session. User’s data is secured in their partition, and they will only see the apps and profiles assigned to them as they natively log in and out of the device. For more information, see Shared iPads for Business.

Certificates

  • Uploading the SMIME certificates to Workspace ONE UEM for our on-premises iOS and Android users just got even easier. Credential Escrow Gateway is now automated through Workspace ONE UEM.
    When a device is enrolled, an event is sent to your defined webhook, which tells the certificate provider to upload the user certificate to the Escrow Gateway. Once the certificate is available, the Escrow Gateway fills the profile with required information, encrypts the profile for the device, and the certificate gets deleted from the Escrow Gateway as per configured settings. For more information, see Credential Escrow Gateway.

Tunnel

  • Redirect traffic to a specified HTTPS proxy that resides behind Tunnel.
    You can now create a Tunnel connection and authenticate to an outbound proxy which is residing behind the Tunnel gateway. This feature is only supported by the Tunnel SDK on iOS as used by the Workspace ONE Web app. For more information, see Create Device Traffic Rules.

Windows

  • Disable user notifications while installing and removing applications on your Windows 10 Devices.
    When you deploy some applications, such as security, infrastructure, or frequently changing apps, you might want to prevent notifications from appearing to your end-users. You can now choose to hide the installation notifications for auto-deployed apps from the Action Center in Windows and the Installation Monitor in the Intelligent Hub and Workspace ONE app. For details, see Add Assignments and App Policies to your Win32 Applications.
  • We've updated the SCEP profile for Windows Desktop.
    To enhance our support of certificate authorities (CAs) for Windows 10, we've removed the requirement to enter an Issuer of your CA. Also, you can now use SCEP certificates that use SAN attributes with non-AirWatch Certificate Authorities. The system sends the added SAN attributes with the certificate request through the SCEP profile. Find the SCEP profile for Windows 10 devices in Devices > Profiles.
  • We've added support for Registered Mode for Windows 10 devices.
    Windows 10 devices that enroll with Workspace ONE Intelligent Hub or OOBE can also enroll without MDM management with Registered Mode. Registered Mode is also known as Management Mode and you can assign this enrollment method by organization group or by a smart group. Find the settings for Registered Mode in Devices > Devices Settings > Devices & Users > General > Enrollment > Management Mode. For details, see Enroll with Registered Mode.
  • Get your most popular enterprise applications added quickly and easily with Enterprise App Repository.
    Adding and assigning the most common Windows applications just got easier with Enterprise App Repository. For details, see Add Applications from the Enterprise App Repository.

Went live on June 17, 2020. To view full release notes with resolved issues and known issues, see 2006 Release Notes

Console

  • Console event logs now display the product name.
    Console events previously displayed only the Product ID; they now show the product name.
  • Configurable Hint for Enrollment Log In.
    You can configure a friendly hint (or not so friendly, it's up to you) to end-users enrolling their devices. You can be as specific or generic as you like. For example, if their enrollment log in is the same as their Active Directory credentials, then say so. You can also include a link they can click to get help. This feature is currently supported by Windows devices only.
  • We now support Avi Networks (VMware NSX Advanced Load Balancer) for all Workspace ONE Services.
    We've integrated Avi Networks with Workspace ONE UEM deployments. For more information, see Avi Vantage and VMware Workspace ONE UEM.

Android

  • We've simplified your migration. You can silently and remotely migrate Zebra devices running Android 7 or later into Work Managed mode without a factory reset or a reboot.
    As we deprecate Device Administrator support, we want to provide you with easy ways to migrate your devices enrolled under Android (Legacy) to Android Enterprise. For more information, see Android Legacy Migration.
  • Gather location data without sacrificing your device battery life.
    Google has created the Fused Location Provider API. It is a simple and battery-saving location API for Android. We've added a new device setting to support this API, Location Data Accuracy, that allows you to gather location data more accurately without sacrificing battery life. For more information, see Devices & Users / Android / Hub Settings.

macOS

  • We now support MDM Bootstrap Token in macOS 10.15.
    For User Approved MDM enrolled devices on macOS 10.15 Catalina, a Bootstrap Token will be automatically generated and escrowed to Workspace ONE UEM on the next login by any user who is already SecureToken enabled. This Bootstrap Token will then be used to automatically grant a SecureToken to mobile account users and the optional managed administrator account created during Apple Business Manager enrollment. For more information, see MDM Bootstrap Token.

Mobile Content Management

  • Make use of the Device service to get the updated device status.
    To get the updated device status, use a device service endpoint instead of the existing dbo.Device table. The dbo.Device table is deprecated and is no longer updated with the device status.

Rugged

  • Introducing the Relay Server Cloud Connector.
    A Relay Server Cloud Connector (RSCC) is a hybrid solution that pulls content from a service endpoint and distributes it to your relay servers. This design initiates an outbound connection from your network to the VMware cloud to download content for distribution. Such an outbound connection represents a security advantage over other relay server designs. For more information, see Configure a Relay Server.

Windows

  • Workspace ONE Intelligent Hub for Windows now supports enrollment with Workspace ONE Access.
    If you use Workspace ONE Access as your identity provider, you can now enroll Windows 10 devices with Intelligent Hub for Windows. When you configure the source of authentication for Intelligent Hub, select Workspace ONE Access. Configure these settings in Devices > Device Settings > Devices & Users > General > Enrollment. For details, see Configure Enrollment Option.

Went live on June 11, 2020. To view full release notes with resolved issues and known issues, see 2005 Release Notes

Android

  • We've changed the way enrollment restrictions work for Android 10+ devices.
    When you enroll Android 10 or later devices into Work Profile mode, they are held for an evaluation period until we can collect the IMEI and serial number. The UEM console lists the device as "Enrollment Pending" until it confirms whether the IMEI or serial number is whitelisted or blacklisted. This ensures that work data (apps, profiles, etc.) is not sent to an Android 10 device until Enrollment Restrictions are evaluated. For more information, see Enrollment Restrictions for Android.

iOS

  • Deploy the latest iOS 10.15.4 restrictions.
    You can now restrict access to deprecated TLS versions, shared iPad temporary sessions, iPhone setup from a nearby iPhone, and password requests from a nearby device.

macOS

  • Streamline your SSO experience with macOS Identity & Certificate Preferences.
    If you deploy multiple client certificates, your users may be prompted at times to choose which certificate they should use for authentication. With this feature available in macOS User Certificate or SCEP profile payloads, you can define URL(s) which should automatically use this certificate, so that users do not need to select it each time they access the service. For details, see Configure a SCEP/Credentials Profile.
  • Retrieving Intelligent Hub logs for macOS just got easier.
    You can now remotely request Intelligent Hub log retrieval from macOS devices for troubleshooting from Device Details. If you are subject to elevated privacy policies, this feature includes an optional setting to prompt the end-user for approval before collecting and transmitting the logs. This feature requires Workspace ONE Intelligent Hub 20.05. For details, see Request Device Log.
  • Deploy the latest macOS 10.15.4 restrictions.
    You can now restrict access to deprecated TLS versions, shared iPad temporary sessions, iPhone setup from a nearby iPhone, and password requests from a nearby device.

Apple Business Manager

  • Revoke your licenses automatically when you remove an Apple Business Manager iOS app.
    Apple Business Manager licenses for iOS apps that have been allocated but manually removed by the user will be automatically revoked and available for distribution. For details, see Revoke Licenses From Uninstalled Applications.

Windows

  • We let you enter your own application version for Windows SFD applications.
    You can now edit the actual application version and the version field for SFD applications of type EXE and Zip. This new feature is applicable only when you upload a new EXE or Zip file. For all the existing applications, you can add a new application version, and the version field appears as read only for the newer version you add. For details, see Configure Win32 Files for Software Distribution.
  • Re-establish communication between Windows 10 devices and the Workspace ONE Intelligent Hub for Windows.
    Certain events can cause communication problems like HMAC errors and failed upgrades of the Workspace ONE Intelligent Hub for Windows. You can fix these communication problems with the new Repair Hub action on the Device Details page of Windows 10 Devices. You can also use this action to re-install the Hub. Find this setting in Devices > List View > select the Windows Desktop Device > More Actions > Admin > Repair Hub. For details, see Windows Desktop Device Details Page.

SDK

  • We've made changes to User Certificate Credential Source behavior for SDK-built apps.
    When users are configured to receive SMIME certificates along with their other custom SDK configurations but they don't have an associated SMIME certificate, the system no longer stops other custom SDK configurations from processing. Find Certificates for the custom SDK profile in Groups & Settings > All Settings > Apps > Settings and Policies > Profiles > Add > SDK Profile > Credentials Payload.

Tunnel

  • Android Enterprise devices now support SCEP generation of Tunnel Client certificates with key length 4096 when using the AW (Default) Certificate Authority.
    To send a Tunnel client certificate for Android Enterprise devices via SCEP, re-save your Tunnel configuration. All new certificates generated will use SCEP with the increased key length. There is no immediate impact on the devices with existing profiles.

Went live on April 3, 2020. To view full release notes with resolved issues and known issues, see 2004 Release Notes

Android

  • Control how widgets work in a Work Profile.
    The Allow apps to utilize widgets in the Work Profile restriction controls whether users can use widgets from apps added to your work profile. When enabled, you can add public app widgets. For more information, see Configuring Restrictions for Android Device with Workspace ONE UEM.
  • Apply custom filters to know how your devices are enrolled in Workspace ONE UEM.
    We've added a custom filter to the List View that quickly lets you view how your devices are being managed. The new Custom View column indicates if the device is Android (Legacy), Work Profile, COPE, and/or Work Managed. For more information, see Android Device Management.

Chrome OS

  • Want to document why a Chromebook is being enterprise wiped? Now you can.
    When you enterprise wipe a Chromebook device, a new option lets you select whether you are wiping the device for replacement or as a deprecated device. For more information, see Device Management Commands for Chrome OS Devices.

Windows

  • Dell Provisioning for VMware Workspace ONE got a new name. It's now called Factory Provisioning.
    We've updated the name of Dell Provisioning for VMware Workspace ONE to Factory Provisioning. The functionality remains the same. For more information, see Factory Provisioning.
  • We've updated the Antivirus profile for Windows Desktop.
    The Antivirus profile that works with your Windows Defender Antivirus system now includes more options. Set levels for Cloud Protection, identify potentially unwanted applications, enable tamper protection, and prompt for user consent. Find the Antivirus profile for Windows Desktop in the console at Devices > Profiles > List View. See Configure an Antivirus Profile (Windows Desktop) for details.
  • Defer your application installation during app assignment.
    You can now defer app installation during the app assignment. You can make these changes while adding app assignments and policies to your Win32 Applications. For more information, see Add Assignments and App Policies to your Win32 Applications.
    Note: App deferrals is a tech preview feature and may not be available in all environments. Consider limiting your use of this feature for testing purposes only. App deferrals must not be used in a production environment. Features are not final and are subject to change at any time.

Rugged

  • We've made a few improvements to product provisioning deactivation.
    If you find yourself in a situation where you must cancel an ongoing product provisioning deployment (due to provisioning misuse or an issue with the product content), you can use the improved deactivation flow. In addition to clearing the device command queue, cancelling the in-progress jobs and clearing commands from content service table, the new deactivate flow checks whether the product is active before processing and deletes content items from the content service table.

App Management

  • App assignment has a fresh new look.
    Check out the new assignment experience for all your apps with complete API support. We've streamlined how our app configuration works with Smart Groups. For more information, see Add Assignments and Exclusions to your Applications.
  • Configuring Workspace ONE Boxer just got easier.
    Common configurations supported by Workspace ONE Boxer can now be configured from the Apps & Books section. You can also configure Boxer for internal app deployments. For more information, see Assign and Configure Workspace ONE Boxer.
  • Configure Notebook application from the Apps & Books section.
    Configure your Workspace ONE Notebook app for both managed and unmanaged devices using the app assignment in the Apps & Books section. This new feature is available if you are using Notebook version 1.4 or later. For more information, see Assign and Configure Workspace ONE Notebook.

Content Management

  • View the exact count of Smartfolio users who acknowledged your document.
    Smartfolio users can now acknowledge the documents that you assign to them as required content. On the Workspace ONE UEM console, you can view these acknowledgments in the Content List View and the Device Details pages. For more information, see Acknowledgement in Smartfolio.

Went live on March 6, 2020. To view full release notes with resolved issues and known issues, see 2003 Release Notes

Workspace ONE UEM Console

  • See an on-screen notification if your report exceeds the size limit.
    If you request a report that is bigger than the size limit, it is now represented in Monitor > Reports and Analytics > Exports with a new status label called "File size exceeds limit". The new Exports status appears if your report needs more file space than the 4GB hard limit.
  • We've made a few updates to SAML and Directory Authentication in Workspace ONE Express.
    When setting up SAML on the Directory Services configurations page in Express, you can now export the service provider's settings without any issue. Also, directory authentication is enabled for Express organization groups, which means, you can now enroll devices with directory authentication.
  • Leverage the event data to consume Workspace ONE APIs based on UUIDs.
    We've added the EnrollmentUUID and DeviceUUID attributes to event notifications. These additional identifiers are associated with the user and device.

Android

  • Retrieve feedback reported by OEM config applications for quick detection of errors.
    Use the feedback channel to get granular app feedback and troubleshooting information sent by apps. For more information, see Retrieve Feedback from OEM Config Applications.
  • Control which Google accounts can be used within the Managed Google Play Store.
    Sometimes you may want to allow people to add G-Suite accounts to access corporate email, or personal accounts (to read mail in Gmail for example) but do not want the unmanaged Google account to access an unrestricted Google Play. With the new Allowed Accounts in Google Play setting in the Restriction profile, you can choose whether to restrict or allow non-Managed Google Play Access. You can set a list of accounts people can use in Google Play. For more information, see Restriction Profile.
  • Restrict personal apps from sharing data with work applications.
    Allow personal apps to share data with work apps in the Restriction profile now lets you prevent personal apps from sharing files, pictures, and data into the managed profile. For more information, see Restriction Profile.

iOS

  • Convert all your Apple Business Manager licenses in a single click.
    You can now convert any user-based licenses synced from Apple Business Manager to device-based licenses by selecting one, multiple, or all the applications for a given organization group. For more information, see Configure Licenses and Assign with Flexible Deployment.
  • Keep your custom Apple apps up to date.
    You can now enable automatic updates for Apple Custom apps synced from Apple Business Manager. Any device that reports an app that is not on the latest version will have the app updated automatically.
  • Remote Assist Process Streamlined in Device List View and Details View.
    It now takes fewer clicks to start a Remote Assist session on a qualifying device from the UEM console's Device List View and Details View. Your remote sessions for troubleshooting and performing advanced configurations on devices in your fleet are initiated swiftly because you select the specific Remote Assist client tool before you connect. For more information, see Device List View.

Windows

  • Get access to your BranchCache performance data from both the device and the server.
    The new Peer Distribution Panel under Apps & Books > Native > List View > Application Details gives you a heads-up on the number of devices that have downloaded the application using peer distribution, the amount of data downloaded, and the source of the downloaded data. The application Devices tab now gives you individual BranchCache performance data for each of your devices. For more information, see Device List View.
  • The communication resiliency for Windows 10 got better with automatic HMAC recovery.
    Workspace ONE UEM automatically checks the HMAC on Windows 10 devices. If the system identifies a corrupt or missing HMAC, it triggers an HMAC recovery, which it sends through the native OMADM channel to the Workspace ONE Intelligent Hub to re-establish communication.
  • Keep your apps installed on your devices.
    With the new Desired State Management setting, you can now protect your managed apps from removal from your devices. For more information, see Add Assignments and App Policies to your Win32 Applications.
  • Deploy profiles with the new Windows - AAD Enrolled smart group category.
    Use the new Windows - AAD Enrolled category in smart groups when you want to exclude or include Windows 10 devices depending on their management status. For example, configure the General payload of a Credentials profile to exclude a Windows - AAD Enrolled smart group so you can deploy certificates to managed devices but not to OOBE devices. When creating smart groups, find the new Windows - AAD Enrolled category in Criteria Type > Enrollment Category. When configuring profiles, go to the General payload and select the group with Windows - AAD Enrolled configured for Smart Groups or enable Exclusions and select the same for Excluded Groups.
  • We've updated the integration of the Dell Command | Update (DCU) with the Workspace ONE UEM console that provides command-line interface (CLI) capabilities and aligns with the latest DCU 3.1 release from Dell.
    We've updated the integration of the Dell Command | Update with the Workspace ONE UEM console that provides command-line interface (CLI) capabilities. With the new version of Dell Command | Update, we'll have a few workarounds and scripts that maintain CLI use. Watch VMware's Tech Zone (https://techzone.vmware.com/) for news about the integration and next steps.

Content Management

  • Automate your content gateway settings in the UEM Console.
    Now you can create configuration files in the UEM console for UAG deployment. These files simplify deploying your content gateway servers through UAG. For more information, see Configure Content Gateway on the UEM Console.

Rugged

  • Android Application Provisioning Supports Per-App VPN.
    Per-App VPN is now supported for provisioning applications to Android devices. When you configure an Android app to be provisioned with the per-app VPN option, a VPN automatically connects when that Android app is launched and routes all the app traffic through the VPN. For more information, see Create a Product.
  • Product Provisioning Now Supports CDN.
    The struggle for bandwidth in your provisioning environment just got a little easier now that support for Content Delivery Networks (CDN) has been introduced. With this option enabled and configured, CDN can lighten the distribution of product loads to offload traffic from your network. For more information, see Configure a CDN for Provisioning.

Tunnel

  • Configure detailed Unified Access Gateway settings from the UEM console.
    You can now set advanced configuration settings for the Tunnel gateway directly from the UEM console without needing to log in to your UAG servers. For more information, see Configure Per-App Tunnel.

Went live on February 26, 2020. To view full release notes with resolved issues and known issues, see 2001 Release Notes

Workspace ONE UEM Console

  • Apply as many filters as you like with the new device filter.
    We've greatly improved the way filtering works on devices in the Device List View. You can now apply as many filters as you like and the device listing does not update until you select the Apply button. This saves you time waiting for the console to update with each filter selection.
  • Presenting Terms of Service (TOS) agreement for our SaaS customers.
    SaaS customers logging in to the console for the first time are now presented with a Terms of Service (TOS) agreement for VMware Cloud Service Offerings. After acceptance, subsequent logins by any administrator are not presented with the same TOS. For details about the contents of the agreement, see VMware Cloud Service Offerings.
  • View all your managed devices connected with the same Wi-Fi router in the Device List View Custom Layout.
    You can now include the Service Set Identifier (SSID), known commonly as the Wi-Fi network name, in the Device List View. This new column makes it easy to show all managed devices connected with the same Wi-Fi router. Enable this new column by selecting the custom layout option and select SSID from the list of available columns.
  • Your reports no longer consume excessive disk space.
    A hard limit of 4 GB has been placed on the size of your Workspace ONE UEM reports. This limit prevents potentially excessive processing cycles devoted to creating oversized reports. For more information, see Generate Reports.
  • It’s time to upgrade your .NET Framework to 4.8.
    For the VMware AirWatch Cloud Connector to auto-update, servers that have ACC installed need .NET Framework 4.8.

Android

  • Enroll and manage your GMS and non-GMS Work Managed devices within the same organization group.
    In order to avoid having to create several organization groups to manage GMS and non-GMS devices, we've updated our QR code enrollment to include an option that forces AOSP/Closed Network Enrollment. When this is enabled in the QR code enrollment settings, your device enrolls as AOSP/Closed Network, regardless of the Work Managed Enrollment Type set in the Android enrollment settings. For more information, see Generate a QR Code Using the Enrollment Configuration Wizard.

Chrome OS

  • Start configuring, renewing, and revoking your certificates from the UEM console.
    With the Workspace ONE UEM Extension for Chrome OS, you can fully manage user and device level certificates. For more information, see VMware Workspace ONE UEM Extension for Chrome OS.

iOS

  • Update your Apple Custom apps with a single click.
    You can now push updates to Apple Custom apps that are out of date.

Windows

  • Define your Baseline assignments with the new Exclusions feature.
    You can now exclude specific smart groups from assignment when assigning Baselines to your Windows 10 devices. This feature allows you to assign the Baseline to a large smart group and then refine the assignment to exclude specific, smaller smart groups.
  • Ensure your data is protected on Windows 10 devices even after a device wipe.
    The Encryption profile now supports keeping the system encrypted at all times. This includes after removing the profile, wiping the device, or any break in communication with Workspace ONE UEM to your Windows 10 devices.

Went live on December 10, 2019. To view full release notes with resolved issues and known issues, see 1912 Release Notes

Workspace ONE UEM Console

  • VMware Identity Manager is now Workspace ONE Access.
    Our Intelligent Access for the Digital Workspace is now called Workspace ONE Access.
  • We've enhanced the console response for deleted devices.
    When you delete a device from the console, the response you see no longer conceals the device's friendly name, allowing you to identify it.
  • It’s time to upgrade your .NET Framework to 4.8.
    For the VMware AirWatch Cloud Connector to auto-update, servers that have ACC installed need .NET Framework 4.8.
  • The System help page under All settings > Admin > Diagnostics lost its home, but we’ve retained some of the functionality it provided for the cloud connector.
    You can now check the cloud connector status by using Test Connection. It gives you the same information as the System health check page did.

Android

  • PIV-D Manager is not limited to Android Legacy devices anymore. PIV-D Manager now supports Android Enterprise devices.
    Push the PIV-D Manager to your Android Enterprise deployment. Use it with Workspace ONE Boxer, Web, Wi-Fi, and VPN systems along with your derived credential provider. This iteration does not support using Gmail with derived credentials on Android Enterprise. For details, access Use Profiles to Control How Android (Enterprise) Devices use Derived Credentials Certificates.

iOS

  • Keep your iOS devices up to date and running the latest, feature-rich iOS releases.
    Manage the operating system updates of your iOS devices with the new Updates framework. With the new framework, you can force devices to download and install any iOS update available for the device. You can also notify users when each step finishes. A new reporting dashboard allows you to track the rollout of each update to your devices and drill into specific devices for a more detailed list of updates for the device.
  • Experience a modern UI for User Enrollment and Custom Enrollment.
    Users enrolling with the newly released User Enrollment for BYOD and Custom Enrollment for devices added to Apple Business Manager will experience a modern and refreshed interface to align with Workspace ONE Intelligent Hub's enrollment view.
  • Provide additional controls to your corporate iOS 13+ devices for Wi-Fi and the Files app.
    You can now force on Wi-Fi for iOS 13 supervised devices as well as prevent connections to network drives from the Files app in the Restriction Profile.
  • Better deploy Custom Apps by seeing rich metadata in the Workspace ONE UEM console.
    You can now automatically sync in the metadata for Custom Apps being added via integration to Apple Business Manager similar to how public apps are achieved. For more information, see Activate Management of Custom Applications.

macOS

  • HelpDesk support just got easier with the cross-platform remote assist solution.
    Workspace ONE Assist is now available for macOS. For more information, see Remote View.
  • Enhanced security for managing local admin account with a unique randomized password for each device that can be viewed in the admin console.
    We've improved security for managing local admin account on macOS. Workspace ONE UEM also takes it a step further and automatically triggers a password rotation in 8 hours of when someone attempts to view the password in the console for a particular device.
  • We now automatically remediate devices missing the required certificates.
    We've improved the desired state management of macOS certificates by automatically remediating devices missing required certificates. To know more, see Certificate Profile Resiliency.

Windows

  • Control when your Windows 10 devices update with the improved Windows Update profile.
    We've enhanced the Windows Update profile to improve the user experience. We've condensed some fields, removed legacy options, and reorganized the layout a bit. We've also added the new Active Hours Maximum option that allows you to limit the number of active hours for device updates. You can also set reboot deadlines based on the type of update with the Engaged Restart Deadline options.
  • Creating Baselines is easier with our improved UI.
    We've improved the user experience for creating Baselines. Navigate custom policies easier with the new vertical layout. Reviewing additional policies is easier with the new collapsible layout.
  • Know the build your Windows 10 devices are using.
    We've improved the Device Details page to show the latest patch version or 4th decimal of the OS version of your Windows 10 devices under the Build Number field.

App Management

  • We've stopped collecting personal app information from your devices, even while enforcing app compliance or app control policies.
    We've made some changes to the personal app information collection when you set the privacy policy as 'Do not collect'. For more information, see the Impact of Privacy Settings on the Application List Compliance and Application Control profile.
  • We’ve improved the user experience for all your Windows app installations.
    You can now choose to defer reboots until a more convenient time, or install multiple applications and reboot once they have all installed. For more information, see Device Restart.

Content Management

  • Managing your existing Manual Templates just got easier.
    You can now add links to an existing template.

Email Management

  • Rotate your G Suite password without the earlier hassle.
    Rotate the Google Suite password for G Suite user accounts without having to enroll or unenroll a device.

Rugged

  • We've added support for domain usernames in Stage Now relay server credentials.
    You can now use domain-based usernames to authenticate Stage Now relay servers. Accepted formats for domain usernames are username@domain and domain\username. For more information, see Step 3 in Zebra Stage Now Special Characters, Android.
  • We're making your VMware launcher experience as close as possible to that of the native launchers. Pin icons to the hot seat bar and vice versa while using Workspace ONE Launcher.
    Add an app to the bottom bar while using Workspace ONE Launcher. This bar remains visible as users swipe to different launcher screens.

Went live on October 30, 2019. To view the full release notes with resolved issues and known issues for 1910, see 1910 Release Notes

Workspace ONE UEM Console

  • We've made enhancements to the /users/ API.
    The GET /users/{uuid} and POST /users/ APIs now include new attributes such as aadMappingAttribute, department, employeeIdentifier, costCenter, customAttribute1, customAttribute2, customAttribute3, customAttribute4, and customAttribute5.
  • We've added a new API that automatically syncs User groups and Admin groups into the Console from the Active Directory or LDAP.
    Previously, administrators had to manually log in to the console to perform a group sync. We now have an API for the group sync action that enables automation. The new GET /GroupSyncActions/{uuid} API grabs the approval status of a group with the access token and a link to merge that group. The result also includes the details of members added to and removed from the group. The new POST /GroupSyncActions API merges the User groups or the Admin groups that are in the "Approval Request Pending" state.

Android

  • Display a personalized message when removing a work profile on an end user’s device.
    You can now choose to show your end-users a personalized message when you decide to remove a work profile.
  • We've increased security around non-strong authentication methods and passcode change notifications.
    The Passcode profile provides better security around non-strong authentication methods and passcode change notification. The Passcode Required Range lets you specify how much time elapses after the device has been unlocked with the non-strong authentication before the user is prompted to enter the passcode. The Passcode Change Alert text box lets you specify the amount of time prior to the passcode expiration that the user is notified to change their passcode.
  • We've upgraded the Launcher profile with additional configurations.
    You can now enable/disable Home and enable/disable Keyguard option in the Android Enterprise Launcher Profile.

Chrome OS

  • Securely manage user and device level certificates with the Workspace ONE UEM Extension for Chrome OS.
    The Workspace ONE UEM Extension for Chrome OS automatically installs on managed devices to provide secure provisioning of both user and device-based Microsoft ADCS certificates, and seamless connectivity to WiFi and web applications. Additionally, direct communication with the UEM console enables a faster device sync after enrollment and enhanced device visibility.
  • Remotely disable devices that have been lost or stolen with Lost Mode for Chrome OS.
    Lost Mode for Chrome OS allows you to remotely disable devices that have been lost or stolen, and lets you set a custom message displayed on the lock screen through the Chrome OS device profile. While disabled, the device cannot be used for any purpose. Devices can be re-enabled remotely once they are found.

iOS

  • Empower your apps with additional capabilities by remotely associating domains.
    Configure any domains that need to be associated with your in-house or third-party apps without manually including them in the app's entitlements file. This association can be used for advanced capabilities like SSO extension, universal links, and shared credentials. To know more, see Add Assignments and Exclusions to Applications.
  • Avoid the delays of accepting prompts and quickly get your students engaged with their apps.
    Students with Managed Apple IDs created in the Apple School Manager are no longer required to accept any prompts to install apps and books. Workspace ONE silently accepts these prompts on the Managed Apple ID's behalf with no admin interaction.
  • Take advantage of the latest communication standards for Apple Push Notifications.
    Communicate with Apple devices over HTTP/2 for Device Management and delivering push notifications to VMware Productivity Applications.

Windows

  • Use Sensors to monitor your 64-bit Windows 10 devices.
    Sensors for Windows Desktop Devices now supports controlling when PowerShell scripts execute based on the device architecture. You can limit a script to 32-bit or 64-bit only or force a script to run as 32-bit regardless of the device architecture. This enhancement reduces errors when using Sensors for 64-bit devices.
  • Know how your devices comply with your Baselines.
    The UEM console now reports a device's compliance to a specific Baseline. See the current compliance status of devices to the published policies of a baseline. Baseline compliance reporting uses a 15% compliance threshold before marking a device non-compliant.
  • Our Smart Groups are not just smart, they are flexible too. Start creating OEM-specific Smart Groups for your Windows Desktop Devices.
    We've added Windows Desktop OEM and Model Support to Smart Groups.
  • We’re working on a technical preview for Digital Employee Experience Management for Windows 10 deployments.
    Digital Employee Experience Management is a collaboration between Workspace ONE UEM and Workspace ONE Intelligence. With this feature enabled, the Workspace ONE Intelligent Hub for Windows sends telemetry data to Intelligence about OS and app stability and usage.
    In a soon-to-be-released version of Intelligence, you can see your data in dashboards to know what is working and what needs fixing. Use the dashboards to focus on specific analytics and use automations to mitigate possible issues and to fix problems when they happen.
    If you’re interested in starting to collect data, call your customer service representative to turn on this feature.

App Management

  • Experience consistent application status tracking on all your devices.
    We've enhanced different areas of the UEM console that deal with application deployment monitoring. The Workspace ONE UEM console now monitors apps and provides detailed application status based on the device reports and logs the actions taken in the UEM console.

Tunnel

  • We've added Device Traffic Rules support for Workspace ONE Tunnel on macOS.
    Create granular policies for use-cases like split-tunneling and domain filtering for macOS applications. Add apps and policies from the Tunnel's Device Traffic Rules and deliver them as a part of existing profiles.

Went live on September 27, 2019. To view the full release notes with resolved issues and known issues for 1909, see 1909 Release Notes

Workspace ONE UEM Console

  • Participate in VMware's Customer Experience Improvement Program (CEIP).
    Workspace ONE UEM is now a participant of VMware's Customer Experience Improvement Program, which seeks to improve its products and services, to fix problems, and to advise you on how best to deploy and use our products.  As part of the CEIP, VMware collects the technical information about your organization’s use of VMware products and services regularly in association with your organization’s VMware license key(s).  This information does not personally identify any individual. For details regarding the CEIP, visit the Trust & Assurance Center at http://www.vmware.com/trustvmware/ceip.html.
  • Automatic retry makes for a robust profile installation experience. 
    We've added new retry logic for profiles that fail to install on your devices. The new logic retries the profile installation when your devices check in.
  • Meet the newly designed Message Templates.
    The redesigned Message Templates now provide a better globalization experience. With the new system, admins using message templates only see templates for the active language. For example, if an admin uses the Workspace ONE UEM console in Japanese, they only see Japanese message templates.
  • Keep close tabs on your shared devices with the new API event notification for check-in/check-out.
    We've added an API event notification that allows you to see when shared devices check in and check out. The event notification enables you to recognize usage patterns and helps you keep tabs on these multi-user devices.
  • UEM notifications available as messages within Intelligent Hub are now available under Notifications. 
    If you have activated Workspace ONE Intelligent Hub Services and enabled the Notifications capability, UEM notifications, such as Compliance issues, are sent through the Notifications Service. This enhancement allows your employees to get all their notifications within the Intelligent Hub notifications page, thereby providing a consistent experience. You no longer have to go to the Accounts > This Device > Messages page within the Intelligent Hub app to view UEM-related notifications.

Chrome

  • Introducing the all new Dell Profile for your Dell-specific management capabilities. 
    With the launch of the Dell Enterprise Chromebook line, Dell has introduced some Dell-specific management capabilities with the new Dell Profile (Chrome OS).

iOS

  • Tighten your security posture with new USB drive access controls.
    You can now prevent USB drive access to Files on iOS 13+ devices in the Restriction Profile.
  • Specify how your iOS 13+ devices handle network traffic with the VPN profile.
    You can now set domains that Mail, Contacts, and Calendar accounts automatically connect to. Also, you can direct how the Virtual Private Network (VPN) client includes or excludes local network traffic.
  • Control how Voice Control works for iOS 13+ devices running in Single App Mode.
    Prevent or allow Voice Control capabilities for iOS 13+ devices when configuring the Single App Mode profile.
  • Bring SSO functionality to your apps with the SSO Extension profile.
    The new Single Sign-On Extension profile for iOS 13+ devices lets you provide targeted URLs for both redirect and credential-based SSO.
  • Customize the enrollment experience for devices synced from Apple Business Manager. 
    Deploy devices synced from Apple Business Manager (formerly DEP) with a set of customizable, branded web screens. These screens offer custom enrollment with advanced enrollment actions such as modern auth, multi-factor auth, and EULA acceptance.
  • We support a new privacy focused enrollment method that protects your personal data while still providing enterprise resources.
    Enroll all your iOS 13+ devices using Managed Apple IDs created in Apple Business Manager through federation to Azure AD. User Enrolled devices provide enhanced privacy focus that separates managed data from personal while still providing the core management capabilities such as installing apps, configuring Wi-Fi, and passcode requirement.
  • Refresh your eSIM configuration.
    Request iOS 13+ devices to refresh the eSIM configuration for a specific carrier by making changes in the Device Details page.  

macOS

  • Streamline the Setup Assistant experience with our new primary user account customization options. 
    Customize the primary user account information created in Setup Assistant on macOS 10.15 Catalina devices during an Automated Enrollment through Apple Business Manager. Make these changes when you create or edit the DEP Enrollment profile.
  • Bring SSO and AD password syncing to your devices with the SSO Extension profile.
    Configure app extensions that perform single sign-on with either the Generic or Kerberos SSO extension on macOS 10.15 Catalina devices with the SSO Extension payload.

  • Simplify your user experience by automating new System Extensions approval.
    Control restrictions and settings for apps that use System Extensions by configuring the System Extensions profile.

  • Prevent data leakage with the new Handoff restriction.
    Restrict the ability to use Continuity Handoff capabilities on Macs running 10.15 by configuring the Handoff key in the Restrictions profile.

  • Monitor the Secure Boot and External Boot statuses to ensure only approved operating systems can run. 
    View the Secure Boot and External Boot status for the Macs running 10.15 Catalina in the Device Details page. 

Mobile Content Management

  • Content Locker gets a new name. Let's welcome Workspace ONE Content.
    Workspace ONE Content has all the same functionality as Content Locker, but with a new name. To learn more, see VMware Workspace ONE Content.

Rugged

  • Keep Honeywell Android device enrollment simple with the Barcode Enrollment.
    You can simplify the enrollment experience for your users with barcode enrollment for Honeywell Android devices. Users simply scan the barcode to enroll the devices.

Windows

  • Everything is better together with Dell and the new Dell BIOS Attestation.
    Protect your Dell Windows Desktop Devices with the new Dell BIOS Attestation. This service analyzes the BIOS of your Dell devices and reports the status of the BIOS to Workspace ONE UEM. Using Workspace ONE UEM compliance policies, you can act quickly to reduce the risk a compromised device poses to your network.

Workspace ONE Express

  • Learn more about upgrading to Workspace ONE UEM.  
    You now have a simple path to understand what upgrading to Workspace ONE UEM can do for your organization. Get access to helpful videos, live demos, and documentation of Workspace ONE UEM's full feature set, not to mention an easy upgrade path for when you make the switch.
  • We've made migrating your legacy Android devices to Android Enterprise easy. Try our new Android Migration Tool for Express.
    The Android Migration Tool walks you through the process step-by-step. Once you register Workspace ONE Express with Google as your Enterprise Mobility Manager, you can migrate your legacy Android devices. 
  • Troubleshooting your problematic devices got easy with the introduction of the Troubleshooting tab on Device Details.
    The Troubleshooting tab displays the Event Log and Commands listings, including filter and search capabilities, enabling you to perform troubleshooting on the device. To learn more, see Troubleshooting tab on Device Details.

Went live on August 20, 2019. To view full release notes with resolved issues and known issues for 1908, see 1908 Release Notes

Android

  • Enroll devices into Android Enterprise Work Managed mode without a managed Google account. 
    You can enroll devices into Android Enterprise Work Managed mode without a managed Google account under the following circumstances:
    • When you do not have connectivity to Google.
    • When you are operating on a closed network.
    • When your devices do not contain Google services (AOSP/Non-GMS).
    The Android EMM Registration page now includes an option to select AOSP Closed Network as the Work Managed Enrollment Type. To learn more, see Android Device Enrollment.
  • We allow Passcode reset on your work profile devices running Android 8.0+.
    You can now select the Clear Passcode and Reset Passcode commands for Work Profile devices running Android 8.0+. Clear Work Passcode removes the work security challenge on the device and the Reset Work Passcode prompts you to enter a new passcode. 
    To learn more, see Device Management Commands.

iOS

  • We've added new network usage rules payload keys for all your iOS 13 devices.
    Set up the Wi-Fi assist capabilities of targeted physical and eSIM cards for iOS 13 devices.
    To learn more, see Configuring Network Usage Rules Profile
  • Skip all newly added Setup Assistant screens for iOS 13 devices.
    We let you skip newly added Setup Assistant screens for iOS 13 devices added to Apple Business Manager.
    To learn more, see Complete the DEP Enrollment Profile
  • We've added new Restrictions payload keys for iOS 13 devices.
    Prevent Wi-Fi toggling, QuickPath keyboard, Find My Friends, and Find My Device on iOS 13 devices. Also, we've added several existing options that require supervision, such as restricting Camera, Safari, iCloud backup, and explicit content.
    To learn more, see Restriction Profile Configurations
  • Stop the user toggle of the native Mail, Contacts, Calendar, Reminders, and Notes apps separately. 
    We've added a new Exchange payload key for iOS 13 devices that allows configuring and preventing the user toggle of the native Mail, Contacts, Calendar, Reminders, and Notes apps separately.
    To learn more, see Configure EAS Mail Profile for the Native Mail Client

macOS

Windows

  • Simplify your peer distribution with the new Windows Desktop profile.
    We've moved the Workspace ONE Peer Distribution from Groups & Settings to a Device Profile for Windows Desktop. The new profile for Windows Desktop devices simplifies configuring the Workspace ONE Peer Distribution settings.
    Workspace ONE Peer Distribution now supports Distributed, Hosted and Local BranchCache modes along with additional configuration settings such as disk space percentage and max cache age.
    To learn more, see Peer Distribution with Workspace ONE
  • Provision your Windows 10 devices yourself with encrypted custom PPKGs.
    PPKGs allow you to provision your Windows 10 devices with the apps, profiles, and enrollment credentials you use. You can use this provisioning package as part of the Windows 10 Out of the Box Experience or later after the device is set up.
    To learn more, see Create a Provisioning Package for Windows 10 Devices
  • Springing from a partnership with Dell, VMware announces Workspace ONE Express+.
    Workspace ONE Express+ is a light management solution for small and mid-size businesses bringing support for Windows 10 devices and Office365 apps.

Workspace ONE Express

  • Register your Google account with Workspace ONE Express and welcome devices with Android Enterprise.
    Workspace ONE Express now supports Android Enterprise, including support for Work Profile and Work Managed enrollment types, as well as support for Managed Google Play, Android Enterprise policies, and resources. Express support for Android Legacy continues unchanged.
    To learn more, see Enrollment
  • Workspace ONE Express now lets you add an application catalog to the home screen of your devices.
    When you set up Workspace ONE Express, you are now offered the chance to add an application catalog to the home screen of your devices. This option makes it easy to ensure your devices can download the optional apps you assign to them.
    To learn more, see Express Setup

Workspace ONE UEM Productivity App Release Notes

Want to see our Productivity App documentation? Look at Workspace ONE Productivity App Documentation.

Compatibility Matrix

VMware Product Interoperability Matrix provides details about the compatibility of current and previous versions of VMware products and components.

End of Support Announcements

Workspace ONE UEM console Release and End of General Support Matrix provides the general availability, end of availability, and end of support dates for all Workspace ONE UEM console releases.

 