check-circle-line exclamation-circle-line close-line

Learn about new features and the enhancements made in each of the productivity apps, related products, and the Workspace ONE UEM console releases. Get quick access to the UEM console change log, interoperability matrix, and our important end of support announcements.

Workspace ONE UEM console Release Notes

By allowing gradual rollout of our software initially into the Shared SaaS environments, SaaS Ops together with Engineering is able to monitor the success of the updates prior to making the software generally available to on-premises customers. On-premises components will be made available to our customers within a few weeks after our Saas release.

Want to see our latest SaaS and On-Prem documentation? Look at VMware Workspace ONE UEM Console Documentation.

To view full release notes with resolved issues and known issues, see 2010 Release Notes

Documentation

  • Have you seen our new in-page Navigation interface? If not yet, see VMware Workspace ONE UEM Console Documentation.
    We’ve heard your feedback that the traditional nested table of contents (TOC) structure is difficult to use. Starting 2008, you can search and discover content by using our new navigation homepage that is organized according to how you use the product.

    Don't forget, we've removed release-based versioning in our left navigation sidebar. If you are looking for Cloud content, you can select services from the version selector drop-down menu. If you are looking for on-premises documentation, choose the version of Workspace ONE UEM you want to learn about when you land on our content on the VMware Docs site.

     

    Take a look at our new navigation homepage and tell us what you think. To leave a feedback, go to Workspace ONE UEM Console Documentation, jump to the bottom of our feedback section, and tell us what you like about the new experience.

Credential Escrow Gateway

  • Faster Windows 10 certificate delivery for escrowed SMIME certificates.
    Moving to an event driven model to notify UEM when certificates are uploaded to the Credential Escrow Gateway greatly enhances the speed with which we can deliver escrowed certificates to Windows 10 devices.
    Note: Any certificates uploaded to Escrow Gateway (EG) prior to version 1.2 are no longer compatible. After you have migrated Redis data to EG 1.2+, upload the certificates again using either a v1 or v2 endpoint to be retained for the entire length of your configured retention period.

Freestyle Orchestrator (Preview)

  • Introducing Freestyle Orchestrator (Preview).
    Freestyle Orchestrator is a low-code IT orchestration platform that gives you the flexibility to create workflows for resources such as apps, profiles, and scripts and apply them to devices based on granular criteria. This functionality provides customers the ability to define complex onboarding workflows, go through multi-step processes like upgrading BitLocker with a one-time setup and can additionally be used to target devices based on any device-related criteria. Want to know more? see What is Freestyle Orchestrator.

Android

  • View the "Last Reboot" timestamp in the UEM console under Device Details.
    Would you like to know the last reboot time of your devices as you are troubleshooting or viewing device details? You can now view the "Last Reboot" timestamp in the UEM console under Device Details. For more information, see Device Details.
  • Distribute Applications for closed testing.
    In the UEM console, you can now test and deploy custom internal test tracks of the application before releasing the production version. For more information, see Deploy Private Applications to a Testing Track.

iOS

  • Force log out users of Shared iPads for Business.
    You can now forcefully log out the current user of a Shared iPad to return it to the main lock screen. This allows a new user to pick up and begin using the device. For more information, see Manually Log Out a User.
  • Prevent your Apple devices from randomizing their MAC address.
    iOS 14 brings you a new privacy feature where the MAC address of devices connecting to Wi-Fi will be randomized instead of showing the true hardware MAC address. With Workspace ONE UEM, this can be prevented for targeted Wi-Fi networks.
  • Prevent users from removing any managed iOS applications.
    You can now set any managed apps on iOS 14 devices to be unremovable by users.
  • Set specific domains to be included or excluded in VPN configurations.
    In iOS 14 per-app VPN configurations can set specific domains and subdomains to leverage or avoid the VPN for connections.
  • Deploy your APNs traffic through an HTTP proxy.
    If you are leveraging an HTTP proxy for their Workspace ONE UEM environment, they can choose to send all traffic through the proxy for outbound APNs.

macOS

  • Defer software updates on macOS Big Sur.
    Previously, macOS devices could only defer major OS software updates. In macOS Big Sur, admins can now defer non-OS software updates on macOS devices.
  • Fully manage your macOS apps synced from Apple Business Manager.
    Workspace ONE UEM can now manage the full lifecycle of macOS 11.0 public and custom apps. Admins can now automatically remove any macOS app synced from an organization’s Apple Business Manager tenant on un-enrollment as well as remove on-demand.
  • Prevent your Apple devices from randomizing their MAC address.
    macOS 11 Big Sur brings you a new privacy feature where the MAC address of devices connecting to Wi-Fi will be randomized instead of showing the true hardware MAC address. With Workspace ONE UEM, this can be prevented for targeted Wi-Fi networks.
  • Set specific domains to be included or excluded in VPN configurations.
    In macOS Big Sur per-app VPN configurations can set specific domains and subdomains to leverage or avoid the VPN for connections.

Windows

  • Make your software deployments easier and more flexible when the installation complete criteria changes.
    You can now edit the When to Call Installation Complete criteria for Windows app deployments. For more information, see Configure Win32 Files for Software Distribution.
  • We've removed support for Windows Phone devices in the Workspace ONE UEM console.
    Windows Phone devices are no longer available in the Workspace ONE UEM console as of the Workspace ONE UEM 2010 release. You will not be able to manage, wipe, or reset the devices from the console. To remove any device management, initiate removal of our Work Account or factory reset the device. For more information, see our KB article on Windows Phone Management will be removed from Workspace ONE 2010.
  • Check out the Technical Preview for Workspace ONE Drop Ship Provisioning (Online).
    Workspace ONE Drop Ship Provisioning for OTA eliminates the need to create and share PPKGs with your hardware manufacturer. Simply assign your payloads to a tag in the Workspace ONE UEM console, and then place an order with your Windows 10 hardware manufacturer using that Workspace ONE UEM tag. Technical preview features are not fully tested and some functionality might not work as expected. However, these previews help Workspace ONE UEM improve current functionality and develop future enhancements. For more information, see our KB article on Technical Preview: Workspace ONE Drop Ship Provisioning for OTA.

Application Management

  • Block access to your Workspace ONE SDK apps when the apps are not managed by EMM on your end-user devices.
    While configuring the app assignment, if you set the EMM Managed Access flag as 'needs EMM management', then the SDK app tries to access the EMM managed app config on the device. If the app is unable to access this information, it indicates that the app is unmanaged and the access to it is blocked. For more information, see Add Assignments and Exclusions to your Applications.

Content Management

  • As part of our efforts around inclusion, we replaced a few offensive terms.
    We’ve implemented a process to evaluate and adopt alternatives for potentially offensive terms in Mobile Content Management console pages.

Email Management

  • The SEG custom settings are now available as key-value pairs in the Workspace ONE UEM console.
    You can now configure the SEG custom settings as key-value pairs in the Workspace ONE UEM console. The commonly used properties are seeded in the Workspace ONE UEM Console. For more information, see SEG Custom Gateway Settings.

Integrate Directory Services

Rugged

  • Queue Content to Relay Servers without assigning your devices.
    You can now add content to push and pull relay servers (including Relay Server Cloud Connectors) without requiring those servers to have devices enrolled in its associated organization group. This means you can get all the apps and content staged before devices are even enrolled. For more information, see Publish Product to Relay Server.

Scripts and Sensors

  • Use Scripts to automate endpoint configurations.
    Use the new Scripts feature for macOS and Windows Desktop devices to send code to devices to run processes. For example, push a script to macOS devices to reset printer configurations or push a script to Windows Desktop devices to remind users to reboot their machines. To keep sensitive data in your scripts safe, Workspace ONE UEM includes variables to obfuscate information such as email passwords and session tokens. If you integrate your Workspace ONE Intelligent Hub with Scripts, your device users can access these useful scripts any time they want. Scripts display in the Apps section of the Hub catalog. For information about Scripts for Windows Desktop, access Automate Endpoint Configurations with Scripts for Windows Desktop Devices. For details about Scripts on macOS, see Automate Endpoint Configurations with Scripts for macOS Devices
  • Find Sensors in its new place in the navigation and check out the updates.
    We've moved Sensors under Resources so that you can find it easier. And now, not only can you use Sensors with Windows Desktop, we've added support for macOS. Use scripts in your Sensors to collect all kinds of data that you can view for a single device in that device's Device Details page, on the Sensors tab. This new tab removes the need to use the VMware Workspace ONE Intelligence service. But don't worry, if you do use Intelligence, you can continue to enjoy viewing and interacting with data for multiple devices with reports and dashboards. For more information, see Collect Data with Sensors for Windows Desktop Devices. For details about Sensors for macOS, see Collect Data with Sensors for macOS Devices .

To view full release notes with resolved issues and known issues, see 2008 Release Notes

Documentation

  • Welcome the new navigation homepage that helps get you where you want to go.
    We are launching a new navigation homepage that speeds your documentation discovery. The page shows you what’s available in our documentation portal, sets you in the right direction, and helps you get started. We've grouped our documentation into logical buckets to help narrow down what you are looking for. Like to explore? See VMware Workspace ONE UEM Documentation.

iOS

  • Skip the latest iOS 14 and macOS Big Sur onboarding screens.
    You can now skip the latest Setup Assistant screens such as Accessibility, Update Complete, and Restore Complete screens.
  • Prevent users from accepting App Clips.
    You can now prevent iOS 14 devices from viewing a new feature called App Clips where a user can view and interact with a small portion of a larger app binary without downloading the full app itself.
  • Override existing passwords while configuring native mail.
    In iOS 14, you can now choose to override a previous password on a device when installing an Exchange ActiveSync email profile.
  • Control your apps notification previews in iOS 14.
    If an installed app is receiving push notifications displayed to the user, admins can prevent the content of the notification from being displayed if the device is locked or at all.

macOS

  • Onboard your macOS devices with true zero-touch.
    You can now simply plug in your new Mac computers into ethernet and power them on. With Auto Advance configured in Workspace ONE UEM, macOS devices will be automatically onboard, skipping all required screens with no user interaction.

Android

  • Detect and monitor network activity on your corporate owned devices.
    You can enable Network Logging for Android devices deployed through Work Managed enrollment. When active, Android records DNS requests and network connections from apps to a log file for the specified duration via the Request Device Log command. This option is only available for Work managed devices running Android 8 and higher.

Application Management

  • Configure Workspace ONE Boxer to support multiple managed accounts.
    You can now use the Boxer application to manage your multiple email accounts assigned with different settings. This capability comes with Boxer version 5.21 or later and requires SSO activation.

Content Management

  • Don't be surprised if the "Use Legacy Settings and Policies configuration" is not seen in the Content Legacy Settings.
    To avoid conflicts between the Content Legacy configuration settings and the other SDK settings, the Use Legacy Settings and Policies configuration setting under System Settings > Content > Applications > Workspace ONE Content App has been deprecated. The assigned SDK profile will now be the supported mechanism for delivering the DLP policies to the Workspace ONE Content app. For more information, see Configure VMware Workspace ONE Content.

Rugged

  • Workspace ONE Launcher now shows you the install status only if its relevant for the device record.
    We've made some user interface changes to Workspace ONE UEM Launcher. You will now only be able to see the install status of Launcher in the Workspace ONE UEM console Device Details if the device is assigned to a multi-user staging user or the Launcher profile is assigned to a device. For more information, see Workspace ONE Launcher Status.
  • We've added string comparison support to Product Provisioning.
    When making an assignment rule, comparisons using the less than (<) and greater than (>) operators (and their variants) continue to only be applicable to comparisons of strictly numerical values. The new exception is when you are comparing OEM build versions, you can apply < and > operators on non-numerical ASCII strings. An example is when an OEM update filename includes hyphens, periods, and other characters together with numbers. Such assignment rules must identify a device manufacturer in the rule logic and that comparison is deemed accurate when the format on the device matches the one specified on the server.

Tunnel

  • SDK Tunneling now supports 3rd party Certificate Authorities for Client Auth.
    Tunneling with the Workspace ONE Web app or any other apps you may build with the Tunnel component in SDK natively supports the secure SCEP CA integrated into your UEM services. Now we also support your other certificate authorities for use with Tunnel. For details about embedded tunneling with Workspace ONE Web. For more information, see AirWatch App Tunnel.
  • Reach internal SMB domains from Files on iOS through the Workspace ONE Tunnel app.
    You can now access internal SMB file shares through the Files app on iOS. The app is already seeded and available for configuration through the Device Traffic Rules on the Tunnel Configuration page. For details about configuring both mobile and desktops for app-tunneling rules.For more information, see Create Device Traffic Rules.

To view full release notes with resolved issues and known issues, see 2007 Release Notes

Android

  • Turn off secure start-up when you're setting a PIN for your Android devices.
    We've added a new field to the Passcode profile which allows you to disable secure startup for users when they are setting up a PIN on Android devices. When disabled, users are not prompted for a PIN to reboot the device, and devices can still be used as shared devices without any problems. This feature also supports Android and iOS boxer client. For more information, see Enforce Passcode Settings.

iOS

  • Sharing iPads for line of business and other enterprise got more more secure.
    Workspace ONE UEM now offers the ability to deploy Shared iPads for Business. Any compatible device enrolled via Apple Business Manager can now be deployed as a Shared iPad and create unique data partitions using their Managed Apple ID or a Temporary Session. User’s data is secured in their partition, and they will only see the apps and profiles assigned to them as they natively log in and out of the device. For more information, see Shared iPads for Businesss.

Certificates

  • Uploading the SMIME certificates to Workspace ONE UEM for our on-premises iOS and Android users just got even easier. Credential Escrow Gateway is now automated through Workspace ONE UEM.
    When a device is enrolled, an event is sent to your defined webhook, which tells the certificate provider to upload the user certificate to the Escrow Gateway. Once the certificate is available, the Escrow Gateway fills the profile with required information, encrypts the profile for the device, and the certificate gets deleted from the Escrow Gateway as per configured settings. For more information, see Credential Escrow Gateway.

Tunnel

  • Redirect traffic to a specified HTTPS proxy that resides behind Tunnel.
    You can now create a Tunnel connection and authenticate to an outbound proxy which is residing behind the Tunnel gateway. This feature is only supported by the Tunnel SDK on iOS as used by the Workspace ONE Web app. For more information, see Create Device Traffic Rules.

Windows

  • Disable user notifications while installing and removing applications on your Windows 10 Devices.
    When you deploy some applications, such as security, infrastructure, or frequently changing apps, you might want to prevent notifications from appearing to your end-users. You can now choose to hide the installation notifications for auto-deployed apps from the Action Center in Windows and the Installation Monitor in the Intelligent Hub and Workspace ONE app. For details, see Add Assignments and App Policies to your Win32 Applications.
  • We've updated the SCEP profile for Windows Desktop.
    To enhance our support of certificate authorities (CAs) for Windows 10, we've removed the requirement to enter an Issuer of your CA. Also, you can now use SCEP certificates that use SAN attributes with non-AirWatch Certificate Authorities. The system sends the added SAN attributes with the certificate request through the SCEP profile. Find the SCEP profile for Windows 10 devices in Devices > Profiles.
  • We've added support for Registered Mode for Windows 10 devices.
    Windows 10 devices that enroll with Workspace ONE Intelligent Hub or OOBE can also enroll without MDM management with Registered Mode. Registered Mode is also known as Management Mode and you can assign this enrollment method by organization group or by a smart group. Find the settings for Registered Mode in Devices > Devices Settings > Devices & Users > General > Enrollment > Management Mode. For details, see Enroll with Registered Mode.
  • Get your most popular enterprise applications added quickly and easily with Enterprise App Repository.
    Adding and assigning the most common windows applications just got easier with Enterprise App Repository. For details, see Add Applications from the Enterprise App Repository.

To view full release notes with resolved issues and known issues, see 2006 Release Notes

Console

  • Console event Logs now displays the product name.
    Console events only displayed Product ID, but now they show the product name.
  • Configurable Hint for Enrollment Log In.
    You can configure a friendly hint (or not so friendly, it's up to you) to end-users enrolling their devices. You can be as specific or generic as you like. For example, if their enrollment log in is the same as their Active Directory credentials, then say so. You can also include a link they can click to get help. This feature is currently supported by Windows devices only.
  • We now support Avi Networks (VMware NSX Advanced Load Balancer) for all Workspace ONE Services.
    We've integrated Avi Networks with Workspace ONE UEM deployments. For more information, see Avi Vantage and VMware Workspace ONE UEM.

Android

  • We've simplified your migration. You can silently and remotely migrate Zebra devices running Android 7 or later into Work Managed mode without a factory reset or a reboot.
    As we deprecate Device Administrator support, we want to provide you with easy ways to migrate your devices enrolled under Android (Legacy) to Android Enterprise. For more information, see Android Legacy Migration.
  • Gather location data without sacrificing your device battery life.
    Google has created the Fused Location Provider API. It is a simple and battery-saving location API for Android. We've added a new device setting to support this API, Location Data Accuracy, that allows you to gather location data more accurately without sacrificing battery life. For more information, see Devices & Users / Android / Hub Settings.

macOS

  • We now support MDM Bootstrap Token in macOS 10.15.
    For User Approved MDM enrolled devices on macOS 10.15 Catalina, a Bootstrap Token will be automatically generated and escrowed to Workspace ONE UEM on the next login by any user who is already SecureToken enabled. This Bootstrap Token will then be used to automatically grant a SecureToken to mobile account users and the optional managed administrator account created during Apple Business Manager enrollment. For more information, see MDM Bootstrap Token.

Mobile Content Management

  • Make use of the Device service to get the updated device status.
    To get the updated device status, use a device service endpoint instead of the existing dbo.Device table. The dbo.Device table is deprecated and is no longer updated with the device status.

Rugged

  • Introducing the Relay Server Cloud Connector.
    A Relay Server Cloud Connector (RSCC) is a hybrid solution that pulls content from a service endpoint and distributes it to your relay servers. This design initiates an outbound connection from your network to the VMware cloud to download content for distribution. Such an outbound connection represents a security advantage over other relay server designs. For more information, see Configure a Relay Server.

Windows

  • Workspace Intelligent Hub for Windows now supports enrollment with Workspace ONE Access..
    If you use Workspace ONE Access as your identity provider, you can now enroll Windows 10 devices with Intelligent Hub for Windows. When you configure the source of authentication for Intelligent Hub, select Workspace ONE Access. Configure these settings in Devices > Device Settings > Devices & Users > General > Enrollment. For details, see Configure Enrollment Option.

To view full release notes with resolved issues and known issues, see 2005 Release Notes

Android

  • We've changed the way enrollment restrictions work for Android 10+ devices.
    When you enroll Android 10 or later devices into Work Profile mode, they will be held in for an evaluation period until we can collect the IMEI and Serial number. The UEM console lists the device as "Enrollment Pending" until the UEM console confirms if the IMEI or Serial number is on whitelisted or black listed. This ensures that the work data (apps, profiles, etc.) are not sent to an Android 10 device until Enrollment Restrictions are evaluated. For more information, see Enrollment Restrictions for Android.

iOS

  • Deploy the latest iOS 10.15.4 restrictions.
    You can now restrict access to deprecated TLS versions, shared iPad temporary sessions, iPhone setup from a nearby iPhone, and password requests from a nearby device.

macOS

  • Streamline your SSO experience with macOS Identity & Certificate Preferences.
    If you deploy multiple client certificates, your users may be prompted at times to choose which certificate they should use for authentication. With this feature available in macOS User Certificate or SCEP profile payloads, you can define URL(s) which should automatically use this certificate, so that users do not need to select it each time they access the service. For details, see Configure a SCEP/Credentials Profile.
  • Retrieving Intelligent Hub logs for macOS just got easier.
    You can now remotely request Intelligent Hub log retrieval from macOS devices for troubleshooting from Device Details. If you are facing elevated privacy policies, this feature includes an optional setting to prompt the end-user for approval before collecting and transmitting the logs. This feature requires Workspace ONE Intelligent Hub 20.05. For details, see Request Device Log .
  • Deploy the latest macOS 10.15.4 restrictions.
    You can now restrict access to deprecated TLS versions, shared iPad temporary sessions, iPhone setup from a nearby iPhone, and password requests from a nearby device.

Apple Business Manager

  • Revoke your licenses automatically when you remove an Apple Business Manager iOS app.
    Apple Business Manager licenses for iOS apps that have been allocated but manually removed by the user will be automatically revoked and available for distribution. For details, see Revoke Licenses From Uninstalled Applications.

Windows

  • We let you enter your own application version for Windows SFD applications.
    You can now edit the actual application version and the version field for SFD applications of type EXE and Zip. This new feature is applicable only when you upload a new EXE or Zip file. For all the existing applications, you can add a new application version, and the version field appears as read only for the for the newer version you add. For details, see Configure Win32 Files for Software Distribution.
  • Re-establish communication between Windows 10 devices and the Workspace ONE Intelligent Hub for Windows.
    Certain events can cause communication problems like HMAC errors and failed upgrades of the Workspace ONE Intelligent Hub for Windows. You can fix these communication problems with the new Repair Hub action on the Device Details page of Windows 10 Devices. You can also use this action to re-install the Hub. Find this setting in Devices > List View > select the Windows Desktop Device > More Actions > Admin > Repair Hub. For details, see Windows Desktop Device Details Page.

SDK

  • We've made changes to User Certificate Credential Source behavior for SDK-built apps.
    When users are configured to receive SMIME certificates along with their other custom SDK configurations but they don't have an associated SMIME certificate, the system no longer stops other custom SDK configurations from processing. Find Certificates for the custom SDK profile in Groups & Settings > All Settings > Apps > Settings and Policies > Profiles > Add > SDK Profile > Credentials Payload.

Tunnel

  • Android Enterprise devices now support SCEP generation of Tunnel Client certificates with key length 4096 when using the AW (Default) Certificate Authority..
    To send a Tunnel client certificate for Android Enterprise devices via SCEP, re-save your Tunnel configuration. All new certificates generated will use SCEP with the increased key length. There is no immediate impact on the devices with existing profiles.

To view full release notes with resolved issues and known issues, see 2004 Release Notes

Android

  • Control how widgets work in a Work Profile.
    The Allow apps to utilize widgets in the Work Profile restriction controls whether users can use widgets from apps added to your work profile. When enabled, you can add public app widgets. For more information, see Configuring Restrictions for Android Device with Workspace ONE UEM.
  • Apply custom filters to know how your devices are enrolled in Workspace ONE UEM.
    We've added a custom filter to the List View that quickly lets you view how your devices are being managed. The new Custom View column indicates if the device is Android (Legacy), Work Profile, COPE, and/or Work Managed. For more information, see Android Device Management.

Chrome OS

  • Want to document why a Chromebook is being enterprise wiped? Now you can.
    When you enterprise wipe a Chromebook device, a new option displays that lets you select if you are wiping the device for replacement or deprecated device. For more information, see Device Management Commands for Chrome OS Devices.

Windows

  • Dell Provisioning for VMware Workspace ONE got a new name. It's now called Factory Provisioning.
    We've updated the name of Dell Provisioning for VMware Workspace ONE to Factory Provisioning. The functionality remains the same. For more information, see Factory Provisioning.
  • We've updated the Antivirus profile for Windows Desktop.
    The Antivirus profile that works with your Windows Defender Antivirus system now includes more options. Set levels for Cloud Protection, identify potentially unwanted applications, enable tamper protection, and prompt for user consent. Find the Antivirus profile for Windows Desktop in the console at Devices > Profiles > List View. See Configure an Antivirus Profile (Windows Desktop) for details.
  • Defer your application installation during app assignment.
    You can now defer app installation during the app assignment. You can make these changes while adding app assignments and policies to your Win32 Applications. For more information, see Add Assignments and App Policies to your Win32 Applications.
    Note: App deferrals is a tech preview feature and may not be available in all environments. Consider limiting your use of this feature for testing purposes only. App deferrals must not be used in a production environment. Features are not final and are subject to change at any time.

Rugged

  • We've made a few improvements to product provisioning deactivation.
    If you find yourself in a situation where you must cancel an ongoing product provisioning deployment (due to provisioning misuse or an issue with the product content), you can use the improved deactivation flow. In addition to clearing the device command queue, cancelling the in-progress jobs and clearing commands from content service table, the new deactivate flow checks whether the product is active before processing and deletes content items from the content service table.

App Management

  • App assignment has a fresh new look.
    Check out the new assignment experience for all your apps with complete API support. We've streamlined how our app configuration works with Smart Groups. For more information, see Add Assignments and Exclusions to your Applications.
  • Configuring Workspace ONE Boxer just got easier.
    Common configurations supported by Workspace ONE Boxer can now be configured from the Apps & Books section. You can also configure Boxer for internal app deployments. For more information, see Assign and Configure Workspace ONE Boxer.
  • Configure Notebook application from the Apps & Books section.
    Configure your Workspace ONE Notebook app for both managed and unmanaged devices using the app assignment in the Apps & Books section. This new feature is available if you are using Notebook version 1.4 or later. For more information, see Assign and Configure Workspace ONE Notebook.

Content Management

  • View the exact count of Smartfolio users who acknowledged your document.
    Smartfolio users can now acknowledge the documents that you assign to them as required content. On the Workspace ONE UEM console, you can view these acknowledgments in the Content List View and the Device Details pages. For more information, see Acknowledgement in Smartfolio.

To view full release notes with resolved issues and known issues, see 2003 Release Notes

Workspace ONE UEM Console​

  • See an on-screen notification if your report exceeds the size limit.
    If you request a report that is bigger than the size limit, it is now represented in Monitor > Reports and Analytics > Exports with a new status label called "File size exceeds limit". The new Exports status appears if your report needs more file space than the 4GB hard limit.
  • We've made a few updates to SAML and Directory Authentication in Workspace ONE Express.
    When setting up SAML on the Directory Services configurations page in Express, you can now export the service provider's settings without any issue. Also, directory authentication is enabled for Express organization groups, which means, you can now enroll devices with directory authentication.
  • Leverage the event data to consume Workspace ONE API's based on UUIDs.
    We've added the EnrollmentUUID and DeviceUUID attributes to event notifications. These additional identifiers are associated with the user and device.

Android

  • Retrieve feedback reported by OEM config applications for quick detection of errors.
    Use the feedback channel to get granular app feedback and troubleshooting information sent by apps. For more information, see Retrieve Feedback from OEM Config Applications.
  • Control which Google accounts can be used within the Managed Google Play Store.
    Sometimes you may want to allow people to add G-Suite accounts to access corporate email, or personal accounts (to read mail in Gmail for example) but do not want the unmanaged Google account to access an unrestricted Google Play. With the new Allowed Accounts in Google Play setting in the Restriction profile, you can choose whether to restrict or allow non-Managed Google Play Access. You can set a list of accounts people can use in Google Play. For more information, see Restriction Profile.
  • Restrict personal apps from sharing data with work applications.
    Allow personal apps to share data with work apps in the Restriction profile now lets you prevent personal apps from sharing files, pictures, and data into the managed profile. For more information, see Restriction Profile.

iOS

  • Convert all your Apple Business Manager licenses in a single click.
    You can now convert any user-based licenses synced from Apple Business Manager to device-based licenses by selecting one, multiple, or all the applications for a given organization group. For more information, see Configure Licenses and Assign with Flexible Deployment.
  • Keep your custom Apple apps up to date.
    You can now enable automatic updates for Apple Custom apps synced from Apple Business Manager. Any device that reports an app that is not on the latest version will have the app updated automatically.
  • Remote Assist Process Streamlined in Device List View and Details View.
    It now takes fewer clicks to start a Remote Assist session on a qualifying device from the UEM console's Device List View and Details View. Your remote sessions for troubleshooting and performing advanced configurations on devices in your fleet are initiated swiftly because you select the specific Remote Assist client tool before you connect. For more information, see Device List View.

Windows

  • Get access to your BranchCache performance data from both the device and the server.
    The new Peer Distribution Panel under Apps&Books > Native > List View > Application Details give you a heads-up on the number of devices that have downloaded the application using the peer distribution, the amount of data downloaded, and the source of the downloaded data. The application Devices tab now gives you individual BranchCache performance data for each of your devices. For more information, see Device List View.
  • The communication resiliency for Windows 10 got better with automatic HMAC recovery.
    Workspace ONE UEM automatically checks the HMAC on Windows 10 devices. If the system identifies a corrupt or missing HMAC, it triggers an HMAC recovery. It sends it through the native OMADM channel to the Workspace ONE Intelligent Hub to re-establish communication.
  • Keep your apps installed on your devices.
    With the new Desired State Management setting, you can now protect your managed apps from removal from your devices. For more information, see Add Assignments and App Policies to your Win32 Applications.
  • Deploy profiles with the new Windows - AAD Enrolled smart group category.
    Use the new Windows - AAD Enrolled category in smart groups when you want to exclude or include Windows 10 devices depending on their management status. For example, configure the General payload of a Credentials profile to exclude a Windows - AAD Enrolled smart group so you can deploy certificates to managed devices but not to OOBE devices. When creating smart groups, find the new Windows - AAD Enrolled category in Criteria Type > Enrollment Category. When configuring profiles, go to the General payload and select the group with Windows - AAD Enrolled configured for Smart Groups or enable Exclusions and select the same for Excluded Groups.
  • We've updated the integration of the Dell Command | Update (DCU) with the Workspace ONE UEM console that provides command-line interface (CLI) capabilities and alligns with the latest DCU 3.1 release from Dell.
    We've updated the integration of the Dell Command | Update with the Workspace ONE UEM console that provides command-line interface (CLI) capabilities. With the new version of Dell Command | Update, we'll have a few workarounds and scripts that maintain CLI use. Watch VMware's Tech Zone (https://techzone.vmware.com/) for news about the integration and next steps.

Content Management

  • Automate your content gateway settings in the UEM Console.
    Now you can create configuration files in the UEM console for UAG deployment. These files simplify deploying your content gateway servers deployed through UAG. For more information, see Configure Content Gateway on the UEM Console.

Rugged

  • Android Application Provisioning Supports Per-App VPN.
    Per-App VPN is now supported for provisioning applications to Android devices. When you configure an Android app to be provisioned with the per-app VPN option, a VPN automatically connects when that Android app is launched and routes all the app traffic through the VPN. For more information, see Create a Product.
  • Product Provisioning Now Supports CDN.
    The struggle for bandwidth in your provisioning environment just got a little easier now that support for Content Delivery Networks (CDN) has been introduced. With this option enabled and configured, CDN can lighten the distribution of product loads to offload traffic from your network. For more information, see Configure a CDN for Provisioning.

Tunnel

  • Configure detailed Unified Access Gateway settings from the UEM console.
    You can now set advanced configuration settings for the Tunnel gateway directly from the UEM console without needing to login to your UAG servers. For more information, see Configure Per-App Tunnel.

To view full release notes with resolved issues and known issues, see 2001 Release Notes

Workspace ONE UEM Console​

  • Apply as many filters as you like with the new device filter.
    We've greatly improved the way filtering works on devices in the Device List View. You can now apply as many filters as you like and the device listing does not update until you select the Apply button. This saves you time waiting for the console to update with each filter selection.
  • Presenting Terms of Service (TOS) agreement for our SaaS customers.
    SaaS customers logging in to the console for the first time are now presented with a Terms of Service (TOS) agreement for VMware Cloud Service Offerings. After acceptance, subsequent logins by any administrator are not presented with the same TOS. For details about the contents of the agreement, see VMware Cloud Service Offerings.
  • View all your managed devices connected with the same Wi-Fi router in the Device List View Custom Layout.
    You can now include the Service Set Identifier (SSID), known commonly as the Wi-Fi network name, in the Device List View. This new column makes it easy to show all managed devices connected with the same Wi-Fi router. Enable this new column by selecting the custom layout option and select SSID from the list of available columns.
  • Your reports no longer consume excessive disk space.
    A hard limit of 4 GB has been placed on the size of your Workspace ONE UEM reports. This limit prevents potentially excessive processing cycles devoted to creating oversized reports. For more information, see Generate Reports.
  • It’s time to upgrade your .net framework to 4.8.
    For the VMware AirWatch Cloud Connector to auto-update, servers which have ACC installed needs .NET Framework 4.8.

Android

  • Enroll and manage your GMS and non-GMS Work Managed devices within the same organization group.
    In order to avoid having to create several organization groups to manage GMS and non-GMS devices, we've updated our QR code enrollment to include an option that forces AOSP/ Closed Network Enrollment. When this is enabled in the QR code enrollment settings, your device enrolls as AOSP/Closed Network, regardless of the Work Managed Enrollment Type set in the Android enrollment settings. For more information, see Generate a QR Code Using the Enrollment Configuration Wizard.

Chrome OS

  • Start configuring, renewing, and revoking your certificates from the UEM console.
    With the Workspace ONE UEM Extension for Chrome OS, you can fully manage user and device level certificates. For more information, see VMware Workspace ONE UEM Extension for Chrome OS.

iOS

  • Update your Apple Custom apps with a single click.
    You can now push updates to Apple Custom apps that are out of date.

Windows

  • Define your Baseline assignments with the new Exclusions feature.
    You can now exclude specific smart groups from assignment when assigning Baselines to your Windows 10 devices. This feature allows you to assign the Baseline to a large smart group and then refine the assignment to exclude specific, smaller smart groups.
  • Ensure your data is protected on Windows 10 devices even after a device wipe.
    The Encryption profile now supports keeping the system encrypted at all times. This includes after removing the profile, wiping the device, or any break in communication with Workspace ONE UEM to your Windows 10 devices.

To view full release notes with resolved issues and known issues, see 1912 Release Notes

Workspace ONE UEM Console​

  • VMware Identity Manager is now Workspace ONE Access.
    Our Intelligent Access for the Digital Workspace is now called Workspace ONE Access.
  • We've enhanced the console response for deleted devices.
    When you delete a device from the console, the response you see no longer conceals the device's friendly name, allowing you to identify it.
  • It’s time to upgrade your .net framework to 4.8.
    For the VMware AirWatch Cloud Connector to auto-update, servers which have ACC installed needs .NET Framework 4.8.
  • The System help page under All settings > Admin > Diagnostics lost its home. But we’ve made sure to retain some of its functionality it served for the cloud connector.
    You can now check the cloud connector status by using Test Connection. It gives you the same information as the System health check page did.

Android

  • PIV-D Manager is not limited to Android Legacy devices anymore. PIV-D Manager now supports Android Enterprise devices.
    Push the PIV-D Manager to your Android Enterprise deployment. Use it with Workspace ONE Boxer, Web, Wi-Fi, and VPN systems along with your derived credential provider. This iteration does not support using Gmail with derived credentials on Android Enterprise. For details, access Use Profiles to Control How Android (Enterprise) Devices use Derived Credentials Certificates.

iOS

  • Keep your iOS devices up to date and running the latest, feature-rich iOS releases.
    Manage the operating system updates of your iOS devices with the new Updates framework. With the new framework, you can force devices to download and install any iOS update available for the device. You can also notify users when each step finishes. A new reporting dashboard allows you to track the rollout of each update to your devices and drill into specific devices for a more detailed list of updates for the device.
  • Experience a modern UI for User Enrollment and Custom Enrollment.
    Users enrolling with the newly released User Enrollment for BYOD and Custom Enrollment for devices added to Apple Business Manager will experience a modern and refreshed interface to align with Workspace ONE Intelligent Hub's enrollment view.
  • Provide additional controls to your corporate iOS 13+ devices for Wi-Fi and the Files app.
    You can now force on Wi-Fi for iOS 13 supervised devices as well as prevent connections to network drives from the Files app in the Restriction Profile.
  • Better deploy Custom Apps by seeing rich metadata in the Workspace ONE UEM console.
    You can now automatically sync in the metadata for Custom Apps being added via integration to Apple Business Manager similar to how public apps are achieved. For more information, see Activate Management of Custom Applications.

macOS

  • HelpDesk support just got easier with the cross-platform remote assist solution.
    Workspace ONE Assist is now available for macOS.For more information, see Remote View.
  • Enhanced security for managing local admin account with a unique randomized password for each device that can be viewed in the admin console.
    We've improved security for managing local admin account on macOS. Workspace ONE UEM also takes it a step further and automatically triggers a password rotation in 8 hours of when someone attempts to view the password in the console for a particular device.
  • We now automaticaly remediate devices missing the required certificates.
    We've improved the desired state management of macOS certificates by automatically remediating devices missing required certificates. To know more, see Certificate Profile Resiliency.

Windows

  • Control when your Windows 10 devices update with the improved Windows Update profile.
    We've enhanced the Windows Update profile to improve the user experience. We've condensed some fields, removed legacy options, and reorganized the layout a bit. We've also added the new Active Hours Maximum option that allows you to limit the number of active hours for device updates. You can also set reboot deadlines based on the type of update with the Engaged Restart Deadline options.
  • Creating Baselines is easier with our improved UI.
    We've improved the user experience for creating Baselines. Navigate custom policies easier with the new vertical layout. Reviewing additional policies is easier with the new collapsible layout.
  • Know the build your Windows 10 devices are using.
    We've improved the Device Details page to show the latest patch version or 4th decimal of the OS version of your Windows 10 devices under the Build Number field.

App Management

  • We've stopped collecting personal app information from your devices, even while enforcing app compliance or app control policies.
    We've made some changes to the personal app information collection when you set the privacy policy as ‘Do not collect'. For more information, see the Impact of Privacy Settings on the Application List Compliance and Application Control profile.
  • We’ve improved the user experience for all your Windows app installation.
    You can now choose to defer reboots until a more convenient time, or install multiple applications and reboot once they have all installed. For more information, see Device Restart.

Content Management

  • Managing your existing Manual Templates just got easier.
    You can now add links to an existing template.

Email Management

  • Rotate your G Suite Password without all the hassle as before.
    Rotate the Google Suite password for G Suite user accounts without having to enroll or unenroll a device.

Rugged

  • We've added support for domain usernames in Stage Now relay server credentials.
    You can now use domain-based usernames to authenticate Stage Now relay servers. Accepted formats for domain usernames are username@domain and domain\username. For more information, see Step 3 in Zebra Stage Now Special Characters, Android.
  • We're making your VMware launcher experience as close as possible to that of the native launchers. Pin icons to the hot seat bar and vice versa while using Workspace ONE Launcher.
    Add an app to the bottom bar while using Workspace ONE Launcher. This bar remains visible as users swipe to different launcher screens.

To view the full release notes with resolved issues and known issues for 1910, see 1910 Release Notes

Workspace ONE UEM Console​

  • We've made enhancements to the /users/ API.
    The GET /users/{uuid} and POST /users/ APIs now include new attributes such as aadMappingAttribute, department, employeeIdentifier, costCenter, customAttribute1, customAttribute2, customAttribute3, customAttribute4, and customAttribute5.
  • We've added a new API that automatically syncs User groups and Admin groups into the Console from the Active Directory or LDAP.
    Previously, administrators had to manually log in to the console to perform a group sync. We now have an API for the group sync action that enables automation. The new GET /GroupSyncActions/{uuid} API grabs the approval status of a group with the access token and a link to merge that group. The result also includes the details of members added to and removed from the group. The new POST /GroupSyncActions API merges the User groups or the Admin groups that are in the "Approval Request Pending" state.

Android

  • Display a personalized message when removing a work profile on an end user’s device.
    You can now choose to show your end-users a personalized message when you decide to remove a work profile.
  • We've increased security around non-strong authentication methods and passcode change notifications.
    The Passcode profile provides better security around non-strong authentication methods and passcode change notification.The Passcode Required Range lets you specify how much time elapses after the device has been unlocked with the non-strong authentication before the user is prompted to enter the passcode. The Passcode Change Alert text box lets you specify the amount of time prior to the passcode expiration that the user is notified to change their passcode.
  • We've upgraded the Launcher profile with additional configurations.
    You can now enable/disable Home and enable/disable Keyguard option in the Android Enterprise Launcher Profile.

Chrome OS

  • Securely manage user and device level certificates with the Workspace ONE UEM Extension for Chrome OS.
    The Workspace ONE UEM Extension for Chrome OS automatically installs on managed devices to provide secure provisioning of both user and device-based Microsoft ADCS certificates,and seamless connectivity to WiFi and web applications. Additionally, direct communication with the UEM console enables a faster device sync after enrollment and enhanced device visibility.
  • Remotely disable devices that have been lost or stolen with Lost Mode for Chrome OS.
    Lost mode for Chrome OS allows you to remotely disable devices that have been lost or stolen, and allows them to set a custom message displayed on the lock screen through the Chrome OS device profile. While disabled, the device cannot be used for any purpose. Devices can be re-enabled remotely once they are found.

iOS

  • Empower your apps with additional capabilities by remotely associating domains.
    Configure any domains that need association with their in-house or the third-party apps without manually including them in the app's entitlements file. This association can be used for advanced capabilities like SSO extension, universal links, and shared credentials. To know more, see Add Assignments and Exclusions to Applications.
  • Avoid the delays of accepting prompts and quickly get your students engaged with their apps.
    Students with Managed Apple IDs created in the Apple School Manager are no longer required to accept any prompts to install apps and books. Workspace ONE silently accepts these prompts on the Managed Apple ID's behalf with no admin interaction.
  • Take advantage of the latest communication standards for Apple Push Notifications.
    Communicate with Apple devices over HTTP/2 for Device Management and delivering push notifications to VMware Productivity Applications.

Windows

  • Use Sensors to monitor your 64-bit Windows 10 devices.
    Sensors for Windows Desktop Devices now supports controlling when PowerShell scripts execute based on the device architecture. You can limit a script to 32-bit or 64-bit only or force a script to run as 32-bit regardless of the device architecture. This enhancement reduces errors when using Sensors for 64-bit devices.
  • Know how your devices comply with your Baselines.
    The UEM console now reports a device's compliance to a specific Baseline. See the current compliance status of devices to the published policies of a baseline. Baseline compliance reporting uses a 15% compliance threshold before marking a device non-compliant.
  • Our Smart Groups are not just smart, they are flexible too. Start creating OEM-specific Smart Groups for your Windows Desktop Devices.
    We've added Windows Desktop OEM and Model Support to Smart Groups.
  • We’re working on a technical preview for Digital Employee Experience Management for Windows 10 deployments.
    Digital Employee Experience Management is a collaboration between Workspace ONE UEM and Workspace ONE Intelligence. With this feature enabled, the Workspace ONE Intelligent Hub for Windows sends telemetry data to Intelligence about OS and app stability and usage.
    In a soon-to-be-released version of Intelligence, you can see your data in dashboards to know what is working and what needs fixing. Use the dashboards to focus on specific analytics and use automations to mitigate possible issues and to fix problems when they happen.
    If you’re interested in starting to collect data, call your customer service representative to turn on this feature.

App Management

  • Experience consistent application status tracking on all your devices.
    We've enhanced different areas of the UEM console that deal with application deployment monitoring. The Workspace ONE UEM console now monitors apps and provides detailed application status based on the device reports and logs the actions taken in the UEM console.

Tunnel

  • We've added Device Traffic Rules support for Workspace ONE Tunnel on macOS.
    Create granular policies for use-cases like split-tunneling and domain filtering for macOS applications. Add apps and policies from the Tunnel's Device Traffic Rules and deliver them as a part of existing profiles.

To view the full release notes with resolved issues and known issues for 1909, see 1909 Release Notes

Workspace ONE UEM Console​

  • Participate in VMware's Customer Experience Improvement Program (CEIP).
    Workspace ONE UEM is now a participant of VMware's Customer Experience Improvement Program, which seeks to improve its products and services, to fix problems, and to advise you on how best to deploy and use our products.  As part of the CEIP, VMware collects the technical information about your organization’s use of VMware products and services regularly in association with your organization’s VMware license key(s).  This information does not personally identify any individual. For details regarding the CEIP, visit the Trust & Assurance Center at http://www.vmware.com/trustvmware/ceip.html.
  • Automatic retry makes for a robust profile installation experience. 
    We've added a new retry logic for profiles that fails to install on your devices. The new logic retries to install the profiles when your devices check-in.
  • Meet the newly designed Message Templates.
    The redesigned Message Templates now provides a better globalization experience. With the new system, admins using message templates only see templates for the active language. For example, if an admin uses the Workspace ONE UEM console with Japanese, they will only see Japanese message templates.
  • Keep close tabs on your shared devices with the new API event notification for check-in/check-out.
    We've added an API event notification that allows you to see when shared devices check-in/check-out. The event notification enables you to recognize usage patterns and help you keep tabs on these multi user devices. 
  • UEM notifications available as messages within Intelligent Hub are now available under Notifications. 
    If you have activated Workspace ONE Intelligent Hub Services and enabled Notifications capability, UEM notifications, such as Compliance issues, will be sent through the Notifications Service. This enhancement allows your employees to get all their notifications within the Intelligent Hub notifications page thereby providing a consistent experience. You no longer have to go to Accounts > This Device > Messages page within Intelligent Hub app to view UEM related notifications.

Chrome

  • Introducing the all new Dell Profile for your Dell-specific management capabilities. 
    With the launch of the Dell Enterprise Chromebook line, Dell has introduced some Dell-specific management capabilities with the new Dell Profile (Chrome OS)

iOS

  • Tighten your security posture with new USB drive access controls.
    You can now prevent the USB drive access to Files on iOS 13+ devices in the Restriction Profile
  • Specify how your iOS 13+ devices handle network traffic with the VPN profile.
    You can now set domains that Mail, Contacts, and Calendar accounts automatically connect to. Also, you can direct how the Virtual Private Network (VPN) client includes or excludes local network traffic.
  • Control how Voice Control works for iOS 13+ devices running in Single App Mode.
    Prevent or allow Voice Control capabilities for iOS 13+ devices when configuring the Single App Mode profile
  • Bring SSO functionality to your apps with the SSO Extension profile.
    The new Single Sign-On Extension profile for iOS 13+ devices let you provide targeted URLs for both redirect and credential-based SSO.
  • Customize the enrollment experience for devices synced from Apple Business Manager. 
    Deploy devices synced from Apple Business Manager (formerly DEP) with a set of customizable, branded web screens. These screens offer custom enrollment with advanced enrollment actions such as modern auth, multi-factor auth, and EULA acceptance.
  • We support a new privacy focused enrollment method that protects your personal data while still providing enterprise resources.
    Enroll all your iOS 13+ devices using Managed Apple IDs created in Apple Business Manager through federation to Azure AD. User Enrolled devices provide enhanced privacy focus that separates managed data from personal while still providing the core management capabilities such as installing apps, configuring Wi-Fi, and passcode requirement.
  • Refresh your eSIM configuration.
    Request iOS 13+ devices to refresh the eSIM configuration for a specific carrier by making changes in the Device Details page.  

macOS

  • Streamline the Setup Assistant experience with our new primary user account customization options. 
    Customize the primary user account information created in Setup Assistant on macOS 10.15 Catalina devices during an Automated Enrollment through Apple Business Manager. Make these changes when you create or edit the DEP Enrollment profile
  • Bring SSO and AD password syncing on your devices with the SSO Extension profile. 
    Configure app extensions that perform single sign-on with either the Generic or Kerberos SSO extension on macOS 10.15 Catalina devices with the SSO Extension payload

  • Simplifying your user experience by automating new System Extensions approval. 
    Control restrictions and settings for apps that use System Extensions by configuring the System Extensions profile

  • Prevent data leakage with the new Handoff restriction.
    Restrict  the ability to use Continuity Handoff capabilities on Macs running 10.15 by configuring the Handoff key in the Restrictions profile

  • Monitor the Secure Boot and External Boot statuses to ensure only approved operating systems can run. 
    View the Secure Boot and External Boot status for the Macs running 10.15 Catalina in the Device Details page. 

Mobile Content Management

  • Content Locker gets a new name. Let's welcome Workspace ONE Content.
    Workspace ONE Content has all the same functionality as Content Locker, but with a new name. To learn more, see VMware Workspace ONE Content

Rugged

  • Keep Honeywell Android device enrollment simple with the Barcode Enrollment.
    You can simplify the enrollment experience for your users with the barcode enrollment for Honeywell Android devices. Users simply scan the barcode to enroll the devices

Windows

  • Everything is better together with Dell and the new Dell BIOS Attestation.
    Protect your Dell Windows Desktop Devices with the new Dell BIOS Attestation. This service analyzes the BIOS of your Dell devices and reports the status of the BIOS to Workspace ONE UEM. Using Workspace ONE UEM compliance policies, you can act quickly to reduce the risk a compromised device poses to your network.

Workspace ONE Express

  • Learn more about upgrading to Workspace ONE UEM.  
    You now have a simple path to understand what upgrading to Workspace ONE UEM can do for your organization. Get access to helpful videos, live demos, and documentation of Workspace ONE UEM's full feature set, not to mention an easy upgrade path for when you make the switch.
  • We've made migrating your legacy Android devices to the Android Enterprise easy. ​Try our new Android Migration Tool for Express.
    The Android Migration Tool walks you through the process step-by-step. Once you register Workspace ONE Express with Google as your Enterprise Mobility Manager, you can migrate your legacy Android devices. 
  • Troubleshooting your problematic devices got easy with the introduction of the Troubleshooting tab on Device Details. 
    Troubleshooting tab displays the Event Log and Commands listings including a filter and search capabilities, enabling you to perform troubleshooting on the device. To learn more, see Troubleshooting tab on Device Details

To view full release notes with resolved issues and known issues for 1908, see 1908 Release Notes

Android

  • Enroll devices into Android Enterprise Work Managed mode without a managed Google account. 
    You can Enroll devices into Android Enterprise Work Managed mode without a managed Google account under the following circumstances:
    • When you do not have connectivity to Google.
    • When you are operating on a closed network.
    • When your devices do not contain Google services (AOSP/Non-GMS).​ 
      The Android EMM Registration page now includes an option to select AOSP Closed Network as the Work Managed Enrollment Type. To learn more, see Android Device Enrollment
  • We allow Passcode reset on your work profile devices running Android 8.0+.
    You can now select the Clear Passcode and Reset Passcode commands for Work Profile devices running Android 8.0+. Clear Work Passcode removes the work security challenge on the device and the Reset Work Passcode prompts you to enter a new passcode. 
    To learn more, see  Device Management Commands.

iOS

  • We've added new network usage rules payload keys for all your iOS 13 devices.
    Set up the Wi-Fi assist capabilities of targeted physical and eSIM cards for iOS 13 devices.
    To learn more, see Configuring Network Usage Rules Profile
  • Skip all newly added Setup Assistant screens for iOS 13 devices.
    We let you skip newly added Setup Assistant screens for iOS 13 devices added to Apple Business Manager.
    To learn more, see Complete the DEP Enrollment Profile
  • We've added new Restrictions payload keys for iOS 13 devices.
    Prevent Wi-Fi toggling, QuickPath keyboard, Find My Friends, and Find My Device on iOS 13 devices. Also, we've added several existing options that requires supervision such as restricting Camera, Safari, iCloud backup, and explicit content.
    To learn more, see Restriction Profile Configurations
  • Stop the user toggle of the native Mail, Contacts, Calendar, Reminders, and Notes apps separately. 
    We've added new Exchange payload key for iOS 13 devices that allows configuring and preventing the user toggle of the native Mail, Contacts, Calendar, Reminders and Notes apps separately. 
    To learn more, see Configure EAS Mail Profile for the Native Mail Client

macOS

Windows

  • Simplify your peer distribution with the new Windows Desktop profile.
    We've moved the Workspace ONE Peer Distribution from Groups & Settings to a Device Profile for Windows Desktop. The new profile for Windows Desktop devices simplifies configuring the Workspace ONE Peer Distribution settings.
    Workspace ONE Peer Distribution now supports Distributed, Hosted and Local BranchCache modes along with additional configuration settings such as disk space percentage and max cache age.
    To learn more, see Peer Distribution with Workspace ONE
  • Provision your Windows 10 devices yourself with encrypted custom PPKGs.
    PPKGS allow you to provision your Windows 10 devices with the apps, profiles, and enrollment credentials you use. You can use this provisioning package as part of the Windows 10 Out of the Box Experience or later after the device is set up.
    To learn more, see Create a Provisioning Package for Windows 10 Devices
  • Springing from a partnership with Dell, VMware announces Workspace ONE Express+.
    Workspace ONE Express+ is a light management solution for small and mid-size businesses bringing support for Windows 10 devices and Office365 apps.​

Workspace ONE Express

  • Register your Google account with Workspace ONE Express and welcome devices with Android Enterprise.
    Workspace ONE Express now supports Android Enterprise, including support for Work Profile and Work Managed enrollment types, as well as support for Managed Google Play, Android Enterprise policies, and resources. Express support for Android Legacy continues unchanged.
    To learn more, see Enrollment
  • Workspace ONE Express now lets you add an application catalog to the home screen of your devices.
    When you set up Workspace ONE Express, you are now offered the chance to add an application catalog to the home screen of your devices. This option makes it easy to ensure your devices can download the optional apps you assign to them.
    To learn more, see Express Setup

To view full release notes with resolved issues and known issues for 1907, see 1907 Release Notes

Workspace ONE UEM console

  • We've improved logging back into the console after your session times out.
    The console now remembers whether you are a SAML or non-SAML user. When timed-out, SAML users can log back in without any clicks. Non-SAML users, with a remembered user name and password, see their credentials auto-populated on the screen and can log back in with one click. This improvement is enabled by default.
    To learn more, see Logging In to the UEM Console
     
  • Know if your APNs certificates are connecting over the HTTP/2 protocol.
    We've given you an option to manually conduct the test and check whether your APNs certificates are connecting over the HTTP/2 protocol. 
    To learn more, see Checking APNs Connectivity over HTTP/2 Protocol.
     
  • Device tags no longer show the tag color and the tag type in the console.
    Options for the device tag color and the device tag type are removed from the console.
     
  • Unassign a device tag from multiple devices in a one sitting.
    You can now unassign device tags from multiple devices at the same time.
    To learn more, see Unassign Tags from Multiple Devices.
     
  • We offer a simplified integration with Adaptiva to support your peer-to-peer software distribution deployments.
    Workspace ONE UEM supports a new version of the Adaptiva server. For all existing customers, Workspace ONE UEM still supports the previous version of the Adaptiva server. To use the new integration, update your Adaptiva server and your AirWatch Cloud Connector to version 1907.
    To learn more, see Configuring Peer Distribution Software Setup with Adaptiva
     
  • AirWatch Express got a new name. It's now called Workspace ONE Express.
    Workspace ONE Express has all the same functionality as AirWatch Express, but with a new name. 
    To learn more, see Introduction to Workspace ONE Express.
     
  • We've improved privacy by adding a location data question to Workspace ONE Express.
    Privacy is important to our customers. Selecting Yes in the Getting Started survey prompts the user on their device if they choose to share the location data. If the user declines, then location data is not collected.
    To learn more, see Express Setup Survey.
     
  • Get a better idea of the batch import task status in Workspace ONE Express.
    You can now see the status of batch import tasks. Navigate to Accounts > Users > Batch Status to see the status of the batch import jobs you have already initiated.
    To learn more, see Batch Import Users or Devices.
     
  • Make the most out of your Telecom List View page with the new export option.
    We've given you an option to export your usage and roaming details in CSV and XLSX formats. The exported file is available for download in the Monitor > Reports and Analytics > Exports page. 
    To learn more, see Plan Usage Details for Telecom Assets.
     
  • We've enhanced our directory user status synchronization logic.
    The status of Administrator and Enrollment user accounts in the UEM console now syncs correctly with deactivations made to your Active Directory service provided the following assumptions. The user named in the Bind User Name option, located in Groups & Settings > All Settings > System > Enterprise Integration > Directory Services in the Server tab, must have Active Directory administrator privileges. The recycle bin must also be enabled using the Active Directory Administrative Center.
    To learn more, see Directory User Status Syncing.
     
  • LDAP configuration validation is now more comprehensive. Validate your LDAP configuration directly from the console. 
    Administrators can now, at the time of Directory Services setup, validate directory users and user groups, and their attributes, even before adding them to the UEM Console. The enhanced capability helps avoid bad configurations that might arise due to incorrect Directory Services setup.
    To learn more, see Map Directory Services User Information.
     
  • The Settings tab is removed from the Global Search results, which speeds up the search.
    If you choose to search for settings, initiate a search from the Configurations page. Navigate to Groups & Settings > Configurations and enter a keyword in the search text box.

Android

  • The configuration experience for Android public apps now lets you set up complex configurations supported by the OEM.
    Our new updates include:
    • Support for nested bundle arrays.
    • A better and simplified design with useful tooltips. 
    • Choose to leave the unused application configuration options blank instead of deleting them from the UI.
      ​To learn more, see Assigning Applications for Android.
  • We've added programmatic migration workflows for moving your devices on legacy device administration to Work Profile.
    Migrate from your Android (Legacy) deployment to Android Enterprise(Formerly Android for Work) to gain more control and consistency across all OEM devices with the improved security and a better overall experience for employees with BYOD devices.
    To learn more, see  Android (Legacy) Device Administrator Migration
     
  • The improved Passcode profile provides better support for the native Android functionality.
    The Passcode profile for Android has been updated to support native features for Android 9.0. You can now: 
    • Force a separate passcode for the Work and personal side of the device.
    • Increased the maximum amount of days for password expiration from 180 to 9999.
    • Set additional biometric passcode options. 
      To learn more, see Enforce Passcode Settings (Android ).
  • Keep your Work Managed and Corporate Owned Personally Enabled devices secure with an initial passcode.
    With the Set Initial Passcode option in the Passcode profile, you can now set an initial passcode at the device level on all deployed devices. After the deployment, it is possible to reset the passcode at the device level.
    For more information, see Enforce Passcode Settings (Android) Enforce Passcode Settings (Android ).
     
  • The QR Code wizard now gives you more flexibility with system apps during device enrollment. 
    For all your work-managed devices, enable system apps to keep non-critical system applications installed on your work-managed device, or select disable to remove these apps.
    To learn more, see Generate a QR Code Using the Enrollment Configuration Wizard.

Chrome OS

  • Provide beta or development versions of Chrome OS and test the pre-release versions prior to general availability​.
    Determine if the devices will receive beta, development, or production builds of Chrome OS with the Release Channel field in the System Updates profile. This is useful for testing builds before pushing updates to your entire device fleet.
    To learn more, see Configure System Updates Profile(Chrome OS).

iOS

  • Enable data protection for your devices at all times. 
    We now give you an option whether or not to clear the device passcode when checking in a shared device.
    To learn more, see Configure Shared Devices
  • Automatically convert on-demand apps to managed, if you choose to enable "Make App MDM Managed if User Installed". 
    If you now install an app as unmanaged (e.g. through the App Store), the console automatically converts the app to managed when the Make App MDM Managed if User Installed setting is enabled regardless if the App Delivery Method is automatic or on demand. 
    To learn more, see Add Assignment and Exclusions to applications

macOS

  • Rotate your recovery keys on-demand for better security compliance.
    A new security enhancement is added to the Device Details and Self Service Portal where the FileVault Personal Recovery Key (PRK) is automatically rotated 15 minutes after it is accessed by the user or the administrator.
    To learn more, see Personal Recovery Key Rotation
     
  • Control the restrictions for Smart card pairing on macOS 10.12.4 and later devices.
    We've now added a new profile payload to configure the settings and restrictions for the Smart Card usage.
    To learn more, see  Configure a Smart Card Profile
     
  • Restrict or allow capturing of screen recordings and screenshots.
    We added a new restriction key that disables the user's ability to take screenshots of the display or capture a screen recording.
    To learn more, see Configure a Restrictions Profile

Mobile Content Management

  • Select multiple files and delete them at the same time using the AirWatch Managed Content List View.
    AirWatch Managed Content List View now supports bulk file removal.
    To learn more, see Content Management List View.
     

Tunnel

  • We're getting ready for something new. The Workspace ONE Tunnel for Windows app needs a new framework and additional settings for its upcoming release.
    In the UEM console, you will see new settings referring to Workspace ONE Tunnel for Windows. Wait to use these additional settings till our new app is available.
    To learn more, see Configure Per-App Tunnel Profile for Windows Desktop App.
  • It's time to move your Safari Domains from iOS VPN Profile Payload to Device Traffic Rules setup.
    We've removed the Safari Domain section from the VPN Profile XML. If you are upgrading to 1907 from an older version, plan for a smooth migration strategy and move all your Safari Domains from iOS VPN Profile Payload to Device Traffic Rules setup. 

Windows

  • Looking to keep your Windows 10 devices configured to industry best practices? The Baselines feature is now available to all customers.
    Baselines allows you to keep your devices secure and aligned with industry standards such as CIS Benchmarks. With Baselines, you can set and manage your preferred configurations completely over the air without any dependency on VPN or your domain. You can also create custom baselines using GPO policies. New enhancements to Baselines include editing and deleting your custom baselines.
    To learn more, see Using Baselines

To view full release notes with resolved issues and known issues for 1905, see 1905 Release Notes

Workspace ONE UEM console

  • Get the most out of AirWatch Express with the new default configurations​.
    • Location collection is now turned on by default for new AirWatch Express deployments. . End users will now receive a confirmation prompt on their devices asking for permission to collect location data. If granted, location data appears in Device Details on the UEM console.
    • App Catalog is now enabled by default for new AirWatch Express deployments. After enrollment, the App Catalog webclip appears on the device home screen and allows end users to see all assigned apps.
    • Quickly unlock iOS devices placed in Lost Mode from the actions toolbar on the Device Details view.
  • Several configuration improvements have been made to AirWatch Express that impacts location collection, app catalog, and lost mode for the iOS devices.
  • Retrieve your user accounts and groups with the all new SCIM API.
    A new SCIM API helps retrieve all the groups that a user belongs to. 
  • Auto-approve your applications from the Office 365 Getting Started wizard.
    The Office 365 Getting Started Wizard lets you automatically approve Office 365 apps for Android Enterprise. This is now the normal flow.
  • Export your reports to XLSX files, just like CSV files.
    In addition to exporting CSV files, you can now export list views and reports as XLSX files. With this new choice, you can avoid the formatting issues caused by CSV formats.

Workspace ONE Intelligent Hub

  • Easily activate your Hub Services if you are already using VMware Identity Manager and Workspace ONE UEM.
    You can now easily enable Hub Services if you are already using VMware Identity Manager and Workspace ONE UEM.
    Just enter your existing VMware Identity Manager URL to activate Hub Services. No need to reenter the admin user credentials again. We use the one you already provided to link VMware Identity Manager and Workspace ONE UEM.

iOS

  • Start reporting on both physical SIMs and eSIMs with the new dual SIM support.
    Admins can now report on both physical SIMs and eSIMs configured on supported iOS devices like the iPhone XR, XS and XS Max.

Mobile Content Management

  • Add wildcard values to stop your users from creating manual repositories and sub folders.
    You can now use the wildcard character (*) at the beginning and the end of the file path to stop your users from creating manual repositories and sub folders using the manual template.

Rugged

  • Add apps to the Launcher profile with the ease of automation.
    You can now create dynamic rules to automatically whitelist apps added to a Launcher profile. These rules support wildcard characters in the App Field. After you add a wildcard, the app icon displays as a bundle of apps and appear in the Launcher in the available space. You do not need to republish the app every time you add a new app.
  • We've extended Content Delivery Network (CDN) to VMware Workspace ONE Launcher.
    Content Delivery Network (CDN) is now extended to VMware Workspace ONE Launcher. During enrollment, when the Launcher is pushed to the device it is pushed through CDN instead of Device Services. This improves the performance of Launcher delivery to devices and reduces the server load when new version of Launcher is deployed.

Windows

  • Make the most out of your Dell devices with the updated BIOS profile and Dell Command | Monitor integration.
    You no longer need to manually push Dell Command | Monitor to your Windows Desktop devices to use the BIOS profile. When you push the profile to your devices, Workspace ONE UEM automatically pushes Dell Command | Monitor to the devices.
  • Give knowledge to the users. Enable a progress display for Windows Desktop devices enrolling using the Out of the Box Experience (OOBE) workflow.
    The new progress display informs the user what is happening behind the screen during the OOBE enrollment. You can also allow your users to skip OOBE after a specific timeout period.

  • End-user devices no longer require Intelligence Hub to use the Windows Desktop Antivirus profile.
    Now it is easier than before to keep your Windows Desktop devices secure with the Windows Defender as we no longer require agent with the updated Antivirus profile for Windows Desktop devices.

  • Devices have a huge number of attributes associated. Harness the power of Sensors to target the specific devices you want.
    Windows Desktop devices have tons of attributes to remember such as hardware, OS, certificates, patches, apps, and more. To track all these attributes, we created Sensors. Now you can create a sensor for a specific attribute and view this data in Workspace ONE Intelligence by creating visualizations on dashboards and customizing reports.”

To view full release notes with resolved issues and known issues for 1904, see 1904 Release Notes

Workspace ONE UEM console

  • We are happy to provide you a better login experience.
    Administrators can now save their user name and passwords in the browser cache that can be used for subsequent logins.
  • Easily identify your devices. We added a new device identifier called Public IP Address in the Device Details and Device List View.
    Public IP Address is added to the Device Details, Device List View and the Privacy Settings page so you can limit access to it per your business and end-user needs.
    View the Public IP Addresses for your devices by navigating to Devices > List View, then select the Layout button and customize the column selections. You can find Public IP Address in the Network tab of Device Details view. Change privacy settings regarding your devices' Public IP Addresses by navigating to Groups & Settings > All Settings > Devices & Users > General > Privacy in the Network section.
  • The new My Services Selector gives you access to your Hub Services from the UEM console. 
    You can now access Hub Services from the Workspace ONE UEM console with the My Services Selector. The selector is available in the Header Menu of nearly every page of the console.
  • We now offer SAML authentication for multi-domain configurations.
    Administrators (only) can now use the SAML authentication in multi-domain environments for Workspace ONE UEM, expanding the utility of the already trustworthy authentication protocol beyond single-domain configurations. Support for multi-domain environments is enabled by default, and there is no system setting required.
  • AirWatch Express now gives another option to communicate with user devices with SMS messaging.  
    Start using SMS Messaging in AirWatch Express.The SMS configuration page is now available in AirWatch Express. To use the functionality, an account with a supported SMS provider is required. You can enable SMS messaging by navigating to Groups & Settings > Configurations > SMS, then complete the settings options including Gateway Type and Password.

Android 

  • It's time to get started with the Google's Firebase Cloud Messaging service.
    As of April 10, 2018, Google announced that they are deprecating Google Cloud Messaging in favor of a new cloud-messaging platform called Firebase Cloud Messaging (FCM). Once GCM has been deprecated, customers enrolling new devices into GCM enabled environments can experience extended delays in communication between the Workspace ONE UEM Console and Android devices. 
    All customers are encouraged to upgrade their VMware Workspace ONE UEM Console, Workspace ONE Intelligent Hub application, and Workspace ONE application to the versions that contains support for Firebase Cloud Messaging. 
    For more information, look for Upcoming Changes to Cloud Messaging Services in Environments Utilizing Android Devices in My WorkspaceONE portal.

Content Management

  • The new just-in-time content caching strategy that eliminates high memory usage.
    We have re-designed content cache for better performance.The new strategy caches only the folders and the content records that are accessed by the users. Folders are cached individually, as opposed to the old structure that caches the entire repository.

Email Management

  • Start customizing the attributes that are used in the API calls to Google Suite.
    We now offer the ability to change the user attribute for Google Suite Provisioning. Customize the attributes that are used in the API calls to Google Suite by specifying an alternate attribute instead of the user's email address. 

iOS

  • Stop your users from modifying the personal hotspot setting​s.
    You can now restrict your users from modifying the personal hotspot settings and prevent Siri from logging the data back to its servers on iOS 12.2+ devices.

macOS

  • We now support Hub Services on macOS Intelligent Hub 19.04.
    The UEM Console 1904 brings support for macOS Intelligent Hub 19.04 features that includes enhanced catalog, People, Notifications, and custom Home tab. 
  • New and improved FileVault Encryption profile.
    The Disk Encryption profile now supports MDM deferred enablement. The profile update also comes with more granular controls over Hub behavior for encryption enablement and recovery key escrow. 

Rugged

  • Tighten the security of your Relay Server. Relay Server configuration now supports HTTPS protocol.
    You can now select the HTTPS protocol when you configure a relay server, including the configuration of a Stage Now barcode. Take advantage of this support by configuring an HTTPS endpoint using the web server config tool of your choice (for example IIS). You must also navigate to Devices > Provisioning > Relay Servers > List View, select Add, followed by Add Relay Server, then in the Device Connection tab, select 'HTTPS' as the Protocol.

Windows

  • Keep your Windows Desktop devices safe from harmful communications with the new Firewall profile.
    The new Firewall profile contains new settings for Windows 10 devices. Now you can configure different behaviors for domain, public, and private connections. You can also add your own custom firewall rules.
  • We made maintaining Dell Provisioning for VMware Workspace ONE provisioning packages easier with templates.
    Templates let you configure the settings for a provisioning package including the apps and save the settings for later use. We've also added the ability to edit and delete existing provisioning packages.
    If you have existing PPKGs when you upgrade to 1904, they will be removed as they no longer support the new workflow. You will need to recreate your existing PPKGs.
  • Give the users their apps. Add user context apps to your provisioning packages for Dell Provisioning for Workspace ONE UEM.
    You can now add user context apps to provisioning packages. These apps are installed when a user signs into a device for the first time.
  • Sometimes a baseline just needs a little tweaking.
    You can now customize the default ADMX settings in your Windows Desktop Baselines. This customization is in addition to adding additional ADMX policies.

To view full release notes with resolved issues and known issues for 1903, see 1903 Release Notes

Workspace ONE UEM console

  • Switch between all the Workspace ONE services you have configured.
    You can now switch between all your Workspace ONE services using the new bento icon in the header menu. Give it a try by selecting the new icon, located to the right of the account name. This feature is enabled by default.
  • Smart Group filter criteria is getting smarter.
    You now have two new and useful categories available when you create a Smart Group: Management Type and Enrollment Category. 
    Management Type lets you target devices on a cross-platform basis that are managed by MDM or an application like Boxer or Content. 
    Enrollment Category lets you drill down further into only the Apple or Android device pool, isolating devices by their specific enrollment path. For example, you can target only Apple devices that were DEP enrolled or only Android Enterprise devices. See the full complement of Management Types and Enrollment Categories by navigating to Groups & Settings > Groups > Assignment Groups and select the Add Smart Group button.
  • Get access to the message templates that are specific to your enrollment flow.
    When you add missing active directory users to your user groups, you now have access to message templates that are specific to your enrollment. This means your users can receive an enrollment message that takes your configuration into account. For instance, if enrollment is restricted to only registered devices with a token, you can send those users an enrollment email that reflects this configuration and includes the token. Take advantage of this feature by navigating to Accounts > User Groups > List View, select Add then Add User Group, then enable the option Send Email to User when Adding Missing Users and select the Message Template that best suits your needs.
  • Now you can have one group of admins creating the tags for your devices and leave assigning the tags for a different group.
    Device tag assignment is enhanced. You can have one group of admins tasked with creating all the tags for your devices and leave the bulk-assignment of those tags to another admin group.
    Take advantage of this feature by navigating to Accounts > Administrators > Roles and add the new 'Device Bulk Management assign Tags' resource to your admin roles accordingly.
  • We are giving you more flexibility while managing your devices as the AirWatch Express now supports three new Device Actions.
    AirWatch Express now supports Clear Passcode, Device Wipe, and OS Update (for iOS and macOS). 
    Navigate to Devices > List View, open the device Details View by selecting the friendly name from the list view, then select the More Actions button.
  • Configure service account based mobile flows connectors from the Workspace ONE UEM console.
    Administrators can now enter the service account credentials on the console while configuring out-of-the-box (OOTB) connectors.
  • Extended the utility of Identity Manager as the authentication source for Workspace ONE Intelligent Hub.
    Previously Identity Manager and its Multi-Factor Authentication capability only enabled UEM Active Directory users to authenticate, now UEM basic/local users can be authenticated by Identity Manager in Intelligent Hub. 
    Additionally, Identity Manager can now be used for Android staging and shared device enrollment in Intelligent Hub. Currently this functionality is available on Android only and will be available on iOS in a future release.
  • We offer single sign-on access to the Intelligent Hub app and the resources without asking you to reauthenticate.
    You can now enable basic User Sync to add local users to VMware Identity Manager Local UEM directory. When basic accounts are synced, you can use the Workspace ONE Intelligent Hub for single sign-on access to the resources.
  • We have introduced Quick filter search for your payloads.
    We now have a search bar that easily helps you narrow down the desired payload on the profiles modal. Search for the payloads by typing a text search string in the Search Payload search filter.
  • We have enhanced our security that restricts the enrollment flow from creating a new enrollment user in the Single User Advanced Staging flow.
    We no longer allow our users to create other enrollment users in the Single User Advanced Staging flow. Users are only allowed to enroll a device on behalf of another existing user.
  • Clear all your console notifications with a single button.
    You can dismiss all active notifications and send them to the Dismissed alert listing. Try it yourself by selecting the Bell icon in the upper-right corner of Workspace ONE UEM console screen, and select Dismiss All. There is no setting to enable this feature, it is enabled by default.

Android 

  • Customize firmware updates performed on your mobile enterprise devices.
    Android updates page in the Workspace ONE UEM console has additional options to customize updates for Samsung Enterprise Firmware Over the Air (EFOTA).
    ​To configure the following Android Samsung EFOTA Android Updates, navigate to  Devices > Lifecycle > Updates and select the Android tab:
    • Install method
    • Deployment start and end time
    • Server Time Zone
    • Network
  • We have reached End of Support for the Play Store Integration Service.
    VMware reached End of General Support for the Play Store Integration Service on December 15th, 2018 as announced in December 2017 for the customers using the Android (Legacy) deployment method. Existing Android (Legacy) customers who use the Play Store Integration Service to search and add public Android apps to the Workspace ONE UEM console are encouraged to set up Android Enterprise to use the official Play Store search experience. 
    Want to know more? Look for the End of General Support for the Play Store Integration Service knowledge base article on My Workspace ONE portal.

iOS

  • We now assist users to easily install the MDM profile during the enrollment of BYO iOS 12.2+ devices
    Users will now see instructional screens in Safari during the enrollment of devices running the latest iOS version and above. This version now requires users to manually navigate to the iOS Settings app to install the MDM profile instead of automatically taking the user there.
  • Get accurate feedback on the current status of an enterprise wipe or device wipe of activation lock enabled iOS devices.
    Administrators now have better clarity while wiping activation lock enabled iOS devices and more efficiency while deleting them.
  • Get an accurate count of licenses and their redeemed status for Apple Business Manager applications.
    Administrators can now see a consolidated, more accurate count of licenses, and their redeemed status for Apple Business Manager and Apple School Manager applications.

Mobile Application Management

  • Manage your Horizon, Citrix or Thin App resources from within Workspace ONE UEM with the all new Virtual Apps Collections.
    In addition to Web applications, you can integrate Horizon desktops and applications, Horizon Cloud desktops and applications, Citrix published resources, and ThinApp applications within Workspace ONE UEM with the integration of Virtual Apps Collections.
  • We now offer a native peer distribution system to deploy your Win32 applications to enterprise networks.
    You can now configure Workspace ONE UEM native peer distribution that uses the Windows BranchCache feature. However, the native peer distribution system will be behind the feature flag during the first few releases. If you like to try out our technical preview feature, contact Workspace ONE UEM representative and ask them to have the “WorkspaceOneP2PBranchCacheFeatureFlag” enabled. 

Rugged

  • We have made the Content Delivery Service transfer faster.
    An enhancement has been made to the CDS transfer speed. By implementing a new file transfer methodology, our designers have enabled transfers to relay servers be made in parallel, simultaneously, rather than in series as before. There is no system setting for this feature, this setting is enabled by default.
  • Determine whether or not a particular file exists on an Android device before you apply an action. 
    You can set the file condition as an extra criteria to download and/or install a product based on the existence or nonexistence of a file. Make a condition using this criterion by navigating to Devices > Provisioning > Components > Conditions, select Add Condition, select Android as the platform, and select File in the Condition drop-down menu. The new file condition works only on Android devices that have 19.03 version of Intelligent Hub. 
  • We keep improving the Product Provisioning Performance.
    A significant performance improvement has been made to product provisioning. Currently, if a device fails to process a provisioned product, it requires a manual intervention in the form of a force reprocess. The improvement triggers the automatic retry of a product push when it detects a push failure rate of up to 5%. It makes a maximum of three retries per device, which should minimize the number of manual forces reprocesses you make. Enable this feature when you make a Product by navigating to Devices > Provisioning > Product List View and select Add Product followed by the platform. The Auto Retry check box appears in the Deployment tab.

Tunnel

  • Quickly configure per-app Tunnel for the enterprise access.
    We have built a new admin experience to simplify deploying and managing Tunnel settings. To get started, navigate to Groups & Settings > Configurations > Tunnel.

Linux

  • Enroll devices running any version and build of Linux into your Workspace ONE UEM deployment.
    You can now enroll your Linux devices with Workspace ONE UEM. Enroll devices running any version and build of Linux on x86_64 or ARM7 into your Workspace ONE UEM deployment by installing the Workspace ONE Intelligent Hub on the device, and then you can view the device from the Workspace ONE UEM Console.
    To download the Workspace ONE Intelligent Hub for Linux, your organization must be whitelisted with Workspace ONE UEM. Please contact your account representative to receive access to the download file.

Workspace ONE UEM Productivity App Release Notes

Want to see our Productivity App documentation? Look at Workspace ONE Productivity App Documentation.

Compatibility Matrix

VMware Product Interoperability Matrix provides details about the compatibility of current and previous versions of VMware products and components.

End of Support Announcements

Workspace ONE UEM console Release and End of General Support Matrix​ provides the general availability, end of availability and the end of support dates for all Workspace ONE UEM console Release.