check-circle-line exclamation-circle-line close-line

Learn about new features and the enhancements made in each of the productivity apps, related products, and the Workspace ONE UEM Console releases. Get quick access to the UEM Console change log, interoperability matrix, and our important end of support announcements.

Workspace ONE UEM Console Change Log

By allowing gradual rollout of our software initially into the Shared SaaS environments, SaaS Ops together with Engineering is able to monitor the success of the updates prior to making the software generally available to on-premises customers. On-premises components will be made available to our customers within a few weeks after our Saas release.

To view full release notes with resolved issues and known issues, see 2006 Release Notes

Console

  • Console event Logs now displays the product name.
    Console events only displayed Product ID, but now they show the product name.
  • Configurable Hint for Enrollment Log In.
    You can configure a friendly hint (or not so friendly, it's up to you) to end-users enrolling their devices. You can be as specific or generic as you like. For example, if their enrollment log in is the same as their Active Directory credentials, then say so. You can also include a link they can click to get help. This feature is currently supported by Windows devices only.
  • We now support Avi Networks (VMware NSX Advanced Load Balancer) for all Workspace ONE Services.
    We've integrated Avi Networks with Workspace ONE UEM deployments. For more information, see Avi Vantage and VMware Workspace ONE UEM.

Android

  • We've simplified your migration. You can silently and remotely migrate Zebra devices running Android 7 or later into Work Managed mode without a factory reset or a reboot.
    As we deprecate Device Administrator support, we want to provide you with easy ways to migrate your devices enrolled under Android (Legacy) to Android Enterprise. For more information, see Android Legacy Migration.
  • Gather location data without sacrificing your device battery life.
    Google has created the Fused Location Provider API. It is a simple and battery-saving location API for Android. We've added a new device setting to support this API, Location Data Accuracy, that allows you to gather location data more accurately without sacrificing battery life. For more information, see Devices & Users / Android / Hub Settings.

macOS

  • We now support MDM Bootstrap Token in macOS 10.15.
    For User Approved MDM enrolled devices on macOS 10.15 Catalina, a Bootstrap Token will be automatically generated and escrowed to Workspace ONE UEM on the next login by any user who is already SecureToken enabled. This Bootstrap Token will then be used to automatically grant a SecureToken to mobile account users and the optional managed administrator account created during Apple Business Manager enrollment. For more information, see MDM Bootstrap Token.

Mobile Content Management

  • Make use of the Device service to get the updated device status.
    To get the updated device status, use a device service endpoint instead of the existing dbo.Device table. The dbo.Device table is deprecated and is no longer updated with the device status.

Rugged

  • Introducing the Relay Server Cloud Connector.
    A Relay Server Cloud Connector (RSCC) is a hybrid solution that pulls content from a service endpoint and distributes it to your relay servers. This design initiates an outbound connection from your network to the VMware cloud to download content for distribution. Such an outbound connection represents a security advantage over other relay server designs. For more information, see Configure a Relay Server.

Windows

  • Workspace Intelligent Hub for Windows now supports enrollment with Workspace ONE Access..
    If you use Workspace ONE Access as your identity provider, you can now enroll Windows 10 devices with Intelligent Hub for Windows. When you configure the source of authentication for Intelligent Hub, select Workspace ONE Access. Configure these settings in Devices > Device Settings > Devices & Users > General > Enrollment. For details, see Configure Enrollment Option.

To view full release notes with resolved issues and known issues, see 2005 Release Notes

Android

  • We've changed the way enrollment restrictions work for Android 10+ devices.
    When you enroll Android 10 or later devices into Work Profile mode, they will be held in for an evaluation period until we can collect the IMEI and Serial number. The UEM console lists the device as "Enrollment Pending" until the UEM console confirms if the IMEI or Serial number is on whitelisted or black listed. This ensures that the work data (apps, profiles, etc.) are not sent to an Android 10 device until Enrollment Restrictions are evaluated. For more information, see Enrollment Restrictions for Android.

iOS

  • Deploy the latest iOS 10.15.4 restrictions.
    You can now restrict access to deprecated TLS versions, shared iPad temporary sessions, iPhone setup from a nearby iPhone, and password requests from a nearby device.

macOS

  • Streamline your SSO experience with macOS Identity & Certificate Preferences.
    If you deploy multiple client certificates, your users may be prompted at times to choose which certificate they should use for authentication. With this feature available in macOS User Certificate or SCEP profile payloads, you can define URL(s) which should automatically use this certificate, so that users do not need to select it each time they access the service. For details, see Configure a SCEP/Credentials Profile.
  • Retrieving Intelligent Hub logs for macOS just got easier.
    You can now remotely request Intelligent Hub log retrieval from macOS devices for troubleshooting from Device Details. If you are facing elevated privacy policies, this feature includes an optional setting to prompt the end-user for approval before collecting and transmitting the logs. This feature requires Workspace ONE Intelligent Hub 20.05. For details, see Request Device Log .
  • Deploy the latest macOS 10.15.4 restrictions.
    You can now restrict access to deprecated TLS versions, shared iPad temporary sessions, iPhone setup from a nearby iPhone, and password requests from a nearby device.

Apple Business Manager

  • Revoke your licenses automatically when you remove an Apple Business Manager iOS app.
    Apple Business Manager licenses for iOS apps that have been allocated but manually removed by the user will be automatically revoked and available for distribution. For details, see Revoke Licenses From Uninstalled Applications.

Windows

  • We let you enter your own application version for Windows SFD applications.
    You can now edit the actual application version and the version field for SFD applications of type EXE and Zip. This new feature is applicable only when you upload a new EXE or Zip file. For all the existing applications, you can add a new application version, and the version field appears as read only for the for the newer version you add. For details, see Configure Win32 Files for Software Distribution.
  • Re-establish communication between Windows 10 devices and the Workspace ONE Intelligent Hub for Windows.
    Certain events can cause communication problems like HMAC errors and failed upgrades of the Workspace ONE Intelligent Hub for Windows. You can fix these communication problems with the new Repair Hub action on the Device Details page of Windows 10 Devices. You can also use this action to re-install the Hub. Find this setting in Devices > List View > select the Windows Desktop Device > More Actions > Admin > Repair Hub. For details, see Windows Desktop Device Details Page.

SDK

  • We've made changes to User Certificate Credential Source behavior for SDK-built apps.
    When users are configured to receive SMIME certificates along with their other custom SDK configurations but they don't have an associated SMIME certificate, the system no longer stops other custom SDK configurations from processing. Find Certificates for the custom SDK profile in Groups & Settings > All Settings > Apps > Settings and Policies > Profiles > Add > SDK Profile > Credentials Payload.

Tunnel

  • Android Enterprise devices now support SCEP generation of Tunnel Client certificates with key length 4096 when using the AW (Default) Certificate Authority..
    To send a Tunnel client certificate for Android Enterprise devices via SCEP, re-save your Tunnel configuration. All new certificates generated will use SCEP with the increased key length. There is no immediate impact on the devices with existing profiles.

To view full release notes with resolved issues and known issues, see 2004 Release Notes

Android

  • Control how widgets work in a Work Profile.
    The Allow apps to utilize widgets in the Work Profile restriction controls whether users can use widgets from apps added to your work profile. When enabled, you can add public app widgets. For more information, see Configuring Restrictions for Android Device with Workspace ONE UEM.
  • Apply custom filters to know how your devices are enrolled in Workspace ONE UEM.
    We've added a custom filter to the List View that quickly lets you view how your devices are being managed. The new Custom View column indicates if the device is Android (Legacy), Work Profile, COPE, and/or Work Managed. For more information, see Android Device Management.

Chrome OS

  • Want to document why a Chromebook is being enterprise wiped? Now you can.
    When you enterprise wipe a Chromebook device, a new option displays that lets you select if you are wiping the device for replacement or deprecated device. For more information, see Device Management Commands for Chrome OS Devices.

Windows

  • Dell Provisioning for VMware Workspace ONE got a new name. It's now called Factory Provisioning.
    We've updated the name of Dell Provisioning for VMware Workspace ONE to Factory Provisioning. The functionality remains the same. For more information, see Factory Provisioning.
  • We've updated the Antivirus profile for Windows Desktop.
    The Antivirus profile that works with your Windows Defender Antivirus system now includes more options. Set levels for Cloud Protection, identify potentially unwanted applications, enable tamper protection, and prompt for user consent. Find the Antivirus profile for Windows Desktop in the console at Devices > Profiles > List View. See Configure an Antivirus Profile (Windows Desktop) for details.
  • Defer your application installation during app assignment.
    You can now defer app installation during the app assignment. You can make these changes while adding app assignments and policies to your Win32 Applications. For more information, see Add Assignments and App Policies to your Win32 Applications.
    Note: App deferrals is a tech preview feature and may not be available in all environments. Consider limiting your use of this feature for testing purposes only. App deferrals must not be used in a production environment. Features are not final and are subject to change at any time.

Rugged

  • We've made a few improvements to product provisioning deactivation.
    If you find yourself in a situation where you must cancel an ongoing product provisioning deployment (due to provisioning misuse or an issue with the product content), you can use the improved deactivation flow. In addition to clearing the device command queue, cancelling the in-progress jobs and clearing commands from content service table, the new deactivate flow checks whether the product is active before processing and deletes content items from the content service table.

App Management

  • App assignment has a fresh new look.
    Check out the new assignment experience for all your apps with complete API support. We've streamlined how our app configuration works with Smart Groups. For more information, see Add Assignments and Exclusions to your Applications.
  • Configuring Workspace ONE Boxer just got easier.
    Common configurations supported by Workspace ONE Boxer can now be configured from the Apps & Books section. You can also configure Boxer for internal app deployments. For more information, see Assign and Configure Workspace ONE Boxer.
  • Configure Notebook application from the Apps & Books section.
    Configure your Workspace ONE Notebook app for both managed and unmanaged devices using the app assignment in the Apps & Books section. This new feature is available if you are using Notebook version 1.4 or later. For more information, see Assign and Configure Workspace ONE Notebook.

Content Management

  • View the exact count of Smartfolio users who acknowledged your document.
    Smartfolio users can now acknowledge the documents that you assign to them as required content. On the Workspace ONE UEM console, you can view these acknowledgments in the Content List View and the Device Details pages. For more information, see Acknowledgement in Smartfolio.

To view full release notes with resolved issues and known issues, see 2003 Release Notes

Workspace ONE UEM Console​

  • See an on-screen notification if your report exceeds the size limit.
    If you request a report that is bigger than the size limit, it is now represented in Monitor > Reports and Analytics > Exports with a new status label called "File size exceeds limit". The new Exports status appears if your report needs more file space than the 4GB hard limit.
  • We've made a few updates to SAML and Directory Authentication in Workspace ONE Express.
    When setting up SAML on the Directory Services configurations page in Express, you can now export the service provider's settings without any issue. Also, directory authentication is enabled for Express organization groups, which means, you can now enroll devices with directory authentication.
  • Leverage the event data to consume Workspace ONE API's based on UUIDs.
    We've added the EnrollmentUUID and DeviceUUID attributes to event notifications. These additional identifiers are associated with the user and device.

Android

  • Retrieve feedback reported by OEM config applications for quick detection of errors.
    Use the feedback channel to get granular app feedback and troubleshooting information sent by apps. For more information, see Retrieve Feedback from OEM Config Applications.
  • Control which Google accounts can be used within the Managed Google Play Store.
    Sometimes you may want to allow people to add G-Suite accounts to access corporate email, or personal accounts (to read mail in Gmail for example) but do not want the unmanaged Google account to access an unrestricted Google Play. With the new Allowed Accounts in Google Play setting in the Restriction profile, you can choose whether to restrict or allow non-Managed Google Play Access. You can set a list of accounts people can use in Google Play. For more information, see Restriction Profile.
  • Restrict personal apps from sharing data with work applications.
    Allow personal apps to share data with work apps in the Restriction profile now lets you prevent personal apps from sharing files, pictures, and data into the managed profile. For more information, see Restriction Profile.

iOS

  • Convert all your Apple Business Manager licenses in a single click.
    You can now convert any user-based licenses synced from Apple Business Manager to device-based licenses by selecting one, multiple, or all the applications for a given organization group. For more information, see Configure Licenses and Assign with Flexible Deployment.
  • Keep your custom Apple apps up to date.
    You can now enable automatic updates for Apple Custom apps synced from Apple Business Manager. Any device that reports an app that is not on the latest version will have the app updated automatically.
  • Remote Assist Process Streamlined in Device List View and Details View.
    It now takes fewer clicks to start a Remote Assist session on a qualifying device from the UEM console's Device List View and Details View. Your remote sessions for troubleshooting and performing advanced configurations on devices in your fleet are initiated swiftly because you select the specific Remote Assist client tool before you connect. For more information, see Device List View.

Windows

  • Get access to your BranchCache performance data from both the device and the server.
    The new Peer Distribution Panel under Apps&Books > Native > List View > Application Details give you a heads-up on the number of devices that have downloaded the application using the peer distribution, the amount of data downloaded, and the source of the downloaded data. The application Devices tab now gives you individual BranchCache performance data for each of your devices. For more information, see Device List View.
  • The communication resiliency for Windows 10 got better with automatic HMAC recovery.
    Workspace ONE UEM automatically checks the HMAC on Windows 10 devices. If the system identifies a corrupt or missing HMAC, it triggers an HMAC recovery. It sends it through the native OMADM channel to the Workspace ONE Intelligent Hub to re-establish communication.
  • Keep your apps installed on your devices.
    With the new Desired State Management setting, you can now protect your managed apps from removal from your devices. For more information, see Add Assignments and App Policies to your Win32 Applications.
  • Deploy profiles with the new Windows - AAD Enrolled smart group category.
    Use the new Windows - AAD Enrolled category in smart groups when you want to exclude or include Windows 10 devices depending on their management status. For example, configure the General payload of a Credentials profile to exclude a Windows - AAD Enrolled smart group so you can deploy certificates to managed devices but not to OOBE devices. When creating smart groups, find the new Windows - AAD Enrolled category in Criteria Type > Enrollment Category. When configuring profiles, go to the General payload and select the group with Windows - AAD Enrolled configured for Smart Groups or enable Exclusions and select the same for Excluded Groups.
  • We've updated the integration of the Dell Command | Update (DCU) with the Workspace ONE UEM console that provides command-line interface (CLI) capabilities and alligns with the latest DCU 3.1 release from Dell.
    We've updated the integration of the Dell Command | Update with the Workspace ONE UEM console that provides command-line interface (CLI) capabilities. With the new version of Dell Command | Update, we'll have a few workarounds and scripts that maintain CLI use. Watch VMware's Tech Zone (https://techzone.vmware.com/) for news about the integration and next steps.

Content Management

  • Automate your content gateway settings in the UEM Console.
    Now you can create configuration files in the UEM console for UAG deployment. These files simplify deploying your content gateway servers deployed through UAG. For more information, see Configure Content Gateway on the UEM Console.

Rugged

  • Android Application Provisioning Supports Per-App VPN.
    Per-App VPN is now supported for provisioning applications to Android devices. When you configure an Android app to be provisioned with the per-app VPN option, a VPN automatically connects when that Android app is launched and routes all the app traffic through the VPN. For more information, see Create a Product.
  • Product Provisioning Now Supports CDN.
    The struggle for bandwidth in your provisioning environment just got a little easier now that support for Content Delivery Networks (CDN) has been introduced. With this option enabled and configured, CDN can lighten the distribution of product loads to offload traffic from your network. For more information, see Configure a CDN for Provisioning.

Tunnel

  • Configure detailed Unified Access Gateway settings from the UEM console.
    You can now set advanced configuration settings for the Tunnel gateway directly from the UEM console without needing to login to your UAG servers. For more information, see Configure Per-App Tunnel.

To view full release notes with resolved issues and known issues, see 2001 Release Notes

Workspace ONE UEM Console​

  • Apply as many filters as you like with the new device filter.
    We've greatly improved the way filtering works on devices in the Device List View. You can now apply as many filters as you like and the device listing does not update until you select the Apply button. This saves you time waiting for the console to update with each filter selection.
  • Presenting Terms of Service (TOS) agreement for our SaaS customers.
    SaaS customers logging in to the console for the first time are now presented with a Terms of Service (TOS) agreement for VMware Cloud Service Offerings. After acceptance, subsequent logins by any administrator are not presented with the same TOS. For details about the contents of the agreement, see VMware Cloud Service Offerings.
  • View all your managed devices connected with the same Wi-Fi router in the Device List View Custom Layout.
    You can now include the Service Set Identifier (SSID), known commonly as the Wi-Fi network name, in the Device List View. This new column makes it easy to show all managed devices connected with the same Wi-Fi router. Enable this new column by selecting the custom layout option and select SSID from the list of available columns.
  • Your reports no longer consume excessive disk space.
    A hard limit of 4 GB has been placed on the size of your Workspace ONE UEM reports. This limit prevents potentially excessive processing cycles devoted to creating oversized reports. For more information, see Generate Reports.
  • It’s time to upgrade your .net framework to 4.8.
    For the VMware AirWatch Cloud Connector to auto-update, servers which have ACC installed needs .NET Framework 4.8.

Android

  • Enroll and manage your GMS and non-GMS Work Managed devices within the same organization group.
    In order to avoid having to create several organization groups to manage GMS and non-GMS devices, we've updated our QR code enrollment to include an option that forces AOSP/ Closed Network Enrollment. When this is enabled in the QR code enrollment settings, your device enrolls as AOSP/Closed Network, regardless of the Work Managed Enrollment Type set in the Android enrollment settings. For more information, see Generate a QR Code Using the Enrollment Configuration Wizard.

Chrome OS

  • Start configuring, renewing, and revoking your certificates from the UEM console.
    With the Workspace ONE UEM Extension for Chrome OS, you can fully manage user and device level certificates. For more information, see VMware Workspace ONE UEM Extension for Chrome OS.

iOS

  • Update your Apple Custom apps with a single click.
    You can now push updates to Apple Custom apps that are out of date.

Windows

  • Define your Baseline assignments with the new Exclusions feature.
    You can now exclude specific smart groups from assignment when assigning Baselines to your Windows 10 devices. This feature allows you to assign the Baseline to a large smart group and then refine the assignment to exclude specific, smaller smart groups.
  • Ensure your data is protected on Windows 10 devices even after a device wipe.
    The Encryption profile now supports keeping the system encrypted at all times. This includes after removing the profile, wiping the device, or any break in communication with Workspace ONE UEM to your Windows 10 devices.

To view full release notes with resolved issues and known issues, see 1912 Release Notes

Workspace ONE UEM Console​

  • VMware Identity Manager is now Workspace ONE Access.
    Our Intelligent Access for the Digital Workspace is now called Workspace ONE Access.
  • We've enhanced the console response for deleted devices.
    When you delete a device from the console, the response you see no longer conceals the device's friendly name, allowing you to identify it.
  • It’s time to upgrade your .net framework to 4.8.
    For the VMware AirWatch Cloud Connector to auto-update, servers which have ACC installed needs .NET Framework 4.8.
  • The System help page under All settings > Admin > Diagnostics lost its home. But we’ve made sure to retain some of its functionality it served for the cloud connector.
    You can now check the cloud connector status by using Test Connection. It gives you the same information as the System health check page did.

Android

  • PIV-D Manager is not limited to Android Legacy devices anymore. PIV-D Manager now supports Android Enterprise devices.
    Push the PIV-D Manager to your Android Enterprise deployment. Use it with Workspace ONE Boxer, Web, Wi-Fi, and VPN systems along with your derived credential provider. This iteration does not support using Gmail with derived credentials on Android Enterprise. For details, access Use Profiles to Control How Android (Enterprise) Devices use Derived Credentials Certificates.

iOS

  • Keep your iOS devices up to date and running the latest, feature-rich iOS releases.
    Manage the operating system updates of your iOS devices with the new Updates framework. With the new framework, you can force devices to download and install any iOS update available for the device. You can also notify users when each step finishes. A new reporting dashboard allows you to track the rollout of each update to your devices and drill into specific devices for a more detailed list of updates for the device.
  • Experience a modern UI for User Enrollment and Custom Enrollment.
    Users enrolling with the newly released User Enrollment for BYOD and Custom Enrollment for devices added to Apple Business Manager will experience a modern and refreshed interface to align with Workspace ONE Intelligent Hub's enrollment view.
  • Provide additional controls to your corporate iOS 13+ devices for Wi-Fi and the Files app.
    You can now force on Wi-Fi for iOS 13 supervised devices as well as prevent connections to network drives from the Files app in the Restriction Profile.
  • Better deploy Custom Apps by seeing rich metadata in the Workspace ONE UEM console.
    You can now automatically sync in the metadata for Custom Apps being added via integration to Apple Business Manager similar to how public apps are achieved. For more information, see Activate Management of Custom Applications.

macOS

  • HelpDesk support just got easier with the cross-platform remote assist solution.
    Workspace ONE Assist is now available for macOS.For more information, see Remote View.
  • Enhanced security for managing local admin account with a unique randomized password for each device that can be viewed in the admin console.
    We've improved security for managing local admin account on macOS. Workspace ONE UEM also takes it a step further and automatically triggers a password rotation in 8 hours of when someone attempts to view the password in the console for a particular device.
  • We now automaticaly remediate devices missing the required certificates.
    We've improved the desired state management of macOS certificates by automatically remediating devices missing required certificates. To know more, see Certificate Profile Resiliency.

Windows

  • Control when your Windows 10 devices update with the improved Windows Update profile.
    We've enhanced the Windows Update profile to improve the user experience. We've condensed some fields, removed legacy options, and reorganized the layout a bit. We've also added the new Active Hours Maximum option that allows you to limit the number of active hours for device updates. You can also set reboot deadlines based on the type of update with the Engaged Restart Deadline options.
  • Creating Baselines is easier with our improved UI.
    We've improved the user experience for creating Baselines. Navigate custom policies easier with the new vertical layout. Reviewing additional policies is easier with the new collapsible layout.
  • Know the build your Windows 10 devices are using.
    We've improved the Device Details page to show the latest patch version or 4th decimal of the OS version of your Windows 10 devices under the Build Number field.

App Management

  • We've stopped collecting personal app information from your devices, even while enforcing app compliance or app control policies.
    We've made some changes to the personal app information collection when you set the privacy policy as ‘Do not collect'. For more information, see the Impact of Privacy Settings on the Application List Compliance and Application Control profile.
  • We’ve improved the user experience for all your Windows app installation.
    You can now choose to defer reboots until a more convenient time, or install multiple applications and reboot once they have all installed. For more information, see Device Restart.

Content Management

  • Managing your existing Manual Templates just got easier.
    You can now add links to an existing template.

Email Management

  • Rotate your G Suite Password without all the hassle as before.
    Rotate the Google Suite password for G Suite user accounts without having to enroll or unenroll a device.

Rugged

  • We've added support for domain usernames in Stage Now relay server credentials.
    You can now use domain-based usernames to authenticate Stage Now relay servers. Accepted formats for domain usernames are username@domain and domain\username. For more information, see Step 3 in Zebra Stage Now Special Characters, Android.
  • We're making your VMware launcher experience as close as possible to that of the native launchers. Pin icons to the hot seat bar and vice versa while using Workspace ONE Launcher.
    Add an app to the bottom bar while using Workspace ONE Launcher. This bar remains visible as users swipe to different launcher screens.

To view the full release notes with resolved issues and known issues for 1910, see 1910 Release Notes

Workspace ONE UEM Console​

  • We've made enhancements to the /users/ API.
    The GET /users/{uuid} and POST /users/ APIs now include new attributes such as aadMappingAttribute, department, employeeIdentifier, costCenter, customAttribute1, customAttribute2, customAttribute3, customAttribute4, and customAttribute5.
  • We've added a new API that automatically syncs User groups and Admin groups into the Console from the Active Directory or LDAP.
    Previously, administrators had to manually log in to the console to perform a group sync. We now have an API for the group sync action that enables automation. The new GET /GroupSyncActions/{uuid} API grabs the approval status of a group with the access token and a link to merge that group. The result also includes the details of members added to and removed from the group. The new POST /GroupSyncActions API merges the User groups or the Admin groups that are in the "Approval Request Pending" state.

Android

  • Display a personalized message when removing a work profile on an end user’s device.
    You can now choose to show your end-users a personalized message when you decide to remove a work profile.
  • We've increased security around non-strong authentication methods and passcode change notifications.
    The Passcode profile provides better security around non-strong authentication methods and passcode change notification.The Passcode Required Range lets you specify how much time elapses after the device has been unlocked with the non-strong authentication before the user is prompted to enter the passcode. The Passcode Change Alert text box lets you specify the amount of time prior to the passcode expiration that the user is notified to change their passcode.
  • We've upgraded the Launcher profile with additional configurations.
    You can now enable/disable Home and enable/disable Keyguard option in the Android Enterprise Launcher Profile.

Chrome OS

  • Securely manage user and device level certificates with the Workspace ONE UEM Extension for Chrome OS.
    The Workspace ONE UEM Extension for Chrome OS automatically installs on managed devices to provide secure provisioning of both user and device-based Microsoft ADCS certificates,and seamless connectivity to WiFi and web applications. Additionally, direct communication with the UEM console enables a faster device sync after enrollment and enhanced device visibility.
  • Remotely disable devices that have been lost or stolen with Lost Mode for Chrome OS.
    Lost mode for Chrome OS allows you to remotely disable devices that have been lost or stolen, and allows them to set a custom message displayed on the lock screen through the Chrome OS device profile. While disabled, the device cannot be used for any purpose. Devices can be re-enabled remotely once they are found.

iOS

  • Empower your apps with additional capabilities by remotely associating domains.
    Configure any domains that need association with their in-house or the third-party apps without manually including them in the app's entitlements file. This association can be used for advanced capabilities like SSO extension, universal links, and shared credentials. To know more, see Add Assignments and Exclusions to Applications.
  • Avoid the delays of accepting prompts and quickly get your students engaged with their apps.
    Students with Managed Apple IDs created in the Apple School Manager are no longer required to accept any prompts to install apps and books. Workspace ONE silently accepts these prompts on the Managed Apple ID's behalf with no admin interaction.
  • Take advantage of the latest communication standards for Apple Push Notifications.
    Communicate with Apple devices over HTTP/2 for Device Management and delivering push notifications to VMware Productivity Applications.

Windows

  • Use Sensors to monitor your 64-bit Windows 10 devices.
    Sensors for Windows Desktop Devices now supports controlling when PowerShell scripts execute based on the device architecture. You can limit a script to 32-bit or 64-bit only or force a script to run as 32-bit regardless of the device architecture. This enhancement reduces errors when using Sensors for 64-bit devices.
  • Know how your devices comply with your Baselines.
    The UEM console now reports a device's compliance to a specific Baseline. See the current compliance status of devices to the published policies of a baseline. Baseline compliance reporting uses a 15% compliance threshold before marking a device non-compliant.
  • Our Smart Groups are not just smart, they are flexible too. Start creating OEM-specific Smart Groups for your Windows Desktop Devices.
    We've added Windows Desktop OEM and Model Support to Smart Groups.
  • We’re working on a technical preview for Digital Employee Experience Management for Windows 10 deployments.
    Digital Employee Experience Management is a collaboration between Workspace ONE UEM and Workspace ONE Intelligence. With this feature enabled, the Workspace ONE Intelligent Hub for Windows sends telemetry data to Intelligence about OS and app stability and usage.
    In a soon-to-be-released version of Intelligence, you can see your data in dashboards to know what is working and what needs fixing. Use the dashboards to focus on specific analytics and use automations to mitigate possible issues and to fix problems when they happen.
    If you’re interested in starting to collect data, call your customer service representative to turn on this feature.

App Management

  • Experience consistent application status tracking on all your devices.
    We've enhanced different areas of the UEM console that deal with application deployment monitoring. The Workspace ONE UEM console now monitors apps and provides detailed application status based on the device reports and logs the actions taken in the UEM console.

Tunnel

  • We've added Device Traffic Rules support for Workspace ONE Tunnel on macOS.
    Create granular policies for use-cases like split-tunneling and domain filtering for macOS applications. Add apps and policies from the Tunnel's Device Traffic Rules and deliver them as a part of existing profiles.

To view the full release notes with resolved issues and known issues for 1909, see 1909 Release Notes

Workspace ONE UEM Console​

  • Participate in VMware's Customer Experience Improvement Program (CEIP).
    Workspace ONE UEM is now a participant of VMware's Customer Experience Improvement Program, which seeks to improve its products and services, to fix problems, and to advise you on how best to deploy and use our products.  As part of the CEIP, VMware collects the technical information about your organization’s use of VMware products and services regularly in association with your organization’s VMware license key(s).  This information does not personally identify any individual. For details regarding the CEIP, visit the Trust & Assurance Center at http://www.vmware.com/trustvmware/ceip.html.
  • Automatic retry makes for a robust profile installation experience. 
    We've added a new retry logic for profiles that fails to install on your devices. The new logic retries to install the profiles when your devices check-in.
  • Meet the newly designed Message Templates.
    The redesigned Message Templates now provides a better globalization experience. With the new system, admins using message templates only see templates for the active language. For example, if an admin uses the Workspace ONE UEM console with Japanese, they will only see Japanese message templates.
  • Keep close tabs on your shared devices with the new API event notification for check-in/check-out.
    We've added an API event notification that allows you to see when shared devices check-in/check-out. The event notification enables you to recognize usage patterns and help you keep tabs on these multi user devices. 
  • UEM notifications available as messages within Intelligent Hub are now available under Notifications. 
    If you have activated Workspace ONE Intelligent Hub Services and enabled Notifications capability, UEM notifications, such as Compliance issues, will be sent through the Notifications Service. This enhancement allows your employees to get all their notifications within the Intelligent Hub notifications page thereby providing a consistent experience. You no longer have to go to Accounts > This Device > Messages page within Intelligent Hub app to view UEM related notifications.

Chrome

  • Introducing the all new Dell Profile for your Dell-specific management capabilities. 
    With the launch of the Dell Enterprise Chromebook line, Dell has introduced some Dell-specific management capabilities with the new Dell Profile (Chrome OS)

iOS

  • Tighten your security posture with new USB drive access controls.
    You can now prevent the USB drive access to Files on iOS 13+ devices in the Restriction Profile
  • Specify how your iOS 13+ devices handle network traffic with the VPN profile.
    You can now set domains that Mail, Contacts, and Calendar accounts automatically connect to. Also, you can direct how the Virtual Private Network (VPN) client includes or excludes local network traffic.
  • Control how Voice Control works for iOS 13+ devices running in Single App Mode.
    Prevent or allow Voice Control capabilities for iOS 13+ devices when configuring the Single App Mode profile
  • Bring SSO functionality to your apps with the SSO Extension profile.
    The new Single Sign-On Extension profile for iOS 13+ devices let you provide targeted URLs for both redirect and credential-based SSO.
  • Customize the enrollment experience for devices synced from Apple Business Manager. 
    Deploy devices synced from Apple Business Manager (formerly DEP) with a set of customizable, branded web screens. These screens offer custom enrollment with advanced enrollment actions such as modern auth, multi-factor auth, and EULA acceptance.
  • We support a new privacy focused enrollment method that protects your personal data while still providing enterprise resources.
    Enroll all your iOS 13+ devices using Managed Apple IDs created in Apple Business Manager through federation to Azure AD. User Enrolled devices provide enhanced privacy focus that separates managed data from personal while still providing the core management capabilities such as installing apps, configuring Wi-Fi, and passcode requirement.
  • Refresh your eSIM configuration.
    Request iOS 13+ devices to refresh the eSIM configuration for a specific carrier by making changes in the Device Details page.  

macOS

  • Streamline the Setup Assistant experience with our new primary user account customization options. 
    Customize the primary user account information created in Setup Assistant on macOS 10.15 Catalina devices during an Automated Enrollment through Apple Business Manager. Make these changes when you create or edit the DEP Enrollment profile
  • Bring SSO and AD password syncing on your devices with the SSO Extension profile. 
    Configure app extensions that perform single sign-on with either the Generic or Kerberos SSO extension on macOS 10.15 Catalina devices with the SSO Extension payload

  • Simplifying your user experience by automating new System Extensions approval. 
    Control restrictions and settings for apps that use System Extensions by configuring the System Extensions profile

  • Prevent data leakage with the new Handoff restriction.
    Restrict  the ability to use Continuity Handoff capabilities on Macs running 10.15 by configuring the Handoff key in the Restrictions profile

  • Monitor the Secure Boot and External Boot statuses to ensure only approved operating systems can run. 
    View the Secure Boot and External Boot status for the Macs running 10.15 Catalina in the Device Details page. 

Mobile Content Management

  • Content Locker gets a new name. Let's welcome Workspace ONE Content.
    Workspace ONE Content has all the same functionality as Content Locker, but with a new name. To learn more, see VMware Workspace ONE Content

Rugged

  • Keep Honeywell Android device enrollment simple with the Barcode Enrollment.
    You can simplify the enrollment experience for your users with the barcode enrollment for Honeywell Android devices. Users simply scan the barcode to enroll the devices

Windows

  • Everything is better together with Dell and the new Dell BIOS Attestation.
    Protect your Dell Windows Desktop Devices with the new Dell BIOS Attestation. This service analyzes the BIOS of your Dell devices and reports the status of the BIOS to Workspace ONE UEM. Using Workspace ONE UEM compliance policies, you can act quickly to reduce the risk a compromised device poses to your network.

Workspace ONE Express

  • Learn more about upgrading to Workspace ONE UEM.  
    You now have a simple path to understand what upgrading to Workspace ONE UEM can do for your organization. Get access to helpful videos, live demos, and documentation of Workspace ONE UEM's full feature set, not to mention an easy upgrade path for when you make the switch.
  • We've made migrating your legacy Android devices to the Android Enterprise easy. ​Try our new Android Migration Tool for Express.
    The Android Migration Tool walks you through the process step-by-step. Once you register Workspace ONE Express with Google as your Enterprise Mobility Manager, you can migrate your legacy Android devices. 
  • Troubleshooting your problematic devices got easy with the introduction of the Troubleshooting tab on Device Details. 
    Troubleshooting tab displays the Event Log and Commands listings including a filter and search capabilities, enabling you to perform troubleshooting on the device. To learn more, see Troubleshooting tab on Device Details

To view full release notes with resolved issues and known issues for 1908, see 1908 Release Notes

Android

  • Enroll devices into Android Enterprise Work Managed mode without a managed Google account. 
    You can Enroll devices into Android Enterprise Work Managed mode without a managed Google account under the following circumstances:
    • When you do not have connectivity to Google.
    • When you are operating on a closed network.
    • When your devices do not contain Google services (AOSP/Non-GMS).​ 
      The Android EMM Registration page now includes an option to select AOSP Closed Network as the Work Managed Enrollment Type. To learn more, see Android Device Enrollment
  • We allow Passcode reset on your work profile devices running Android 8.0+.
    You can now select the Clear Passcode and Reset Passcode commands for Work Profile devices running Android 8.0+. Clear Work Passcode removes the work security challenge on the device and the Reset Work Passcode prompts you to enter a new passcode. 
    To learn more, see  Device Management Commands.

iOS

  • We've added new network usage rules payload keys for all your iOS 13 devices.
    Set up the Wi-Fi assist capabilities of targeted physical and eSIM cards for iOS 13 devices.
    To learn more, see Configuring Network Usage Rules Profile
  • Skip all newly added Setup Assistant screens for iOS 13 devices.
    We let you skip newly added Setup Assistant screens for iOS 13 devices added to Apple Business Manager.
    To learn more, see Complete the DEP Enrollment Profile
  • We've added new Restrictions payload keys for iOS 13 devices.
    Prevent Wi-Fi toggling, QuickPath keyboard, Find My Friends, and Find My Device on iOS 13 devices. Also, we've added several existing options that requires supervision such as restricting Camera, Safari, iCloud backup, and explicit content.
    To learn more, see Restriction Profile Configurations
  • Stop the user toggle of the native Mail, Contacts, Calendar, Reminders, and Notes apps separately. 
    We've added new Exchange payload key for iOS 13 devices that allows configuring and preventing the user toggle of the native Mail, Contacts, Calendar, Reminders and Notes apps separately. 
    To learn more, see Configure EAS Mail Profile for the Native Mail Client

macOS

Windows

  • Simplify your peer distribution with the new Windows Desktop profile.
    We've moved the Workspace ONE Peer Distribution from Groups & Settings to a Device Profile for Windows Desktop. The new profile for Windows Desktop devices simplifies configuring the Workspace ONE Peer Distribution settings.
    Workspace ONE Peer Distribution now supports Distributed, Hosted and Local BranchCache modes along with additional configuration settings such as disk space percentage and max cache age.
    To learn more, see Peer Distribution with Workspace ONE
  • Provision your Windows 10 devices yourself with encrypted custom PPKGs.
    PPKGS allow you to provision your Windows 10 devices with the apps, profiles, and enrollment credentials you use. You can use this provisioning package as part of the Windows 10 Out of the Box Experience or later after the device is set up.
    To learn more, see Create a Provisioning Package for Windows 10 Devices
  • Springing from a partnership with Dell, VMware announces Workspace ONE Express+.
    Workspace ONE Express+ is a light management solution for small and mid-size businesses bringing support for Windows 10 devices and Office365 apps.​

Workspace ONE Express

  • Register your Google account with Workspace ONE Express and welcome devices with Android Enterprise.
    Workspace ONE Express now supports Android Enterprise, including support for Work Profile and Work Managed enrollment types, as well as support for Managed Google Play, Android Enterprise policies, and resources. Express support for Android Legacy continues unchanged.
    To learn more, see Enrollment
  • Workspace ONE Express now lets you add an application catalog to the home screen of your devices.
    When you set up Workspace ONE Express, you are now offered the chance to add an application catalog to the home screen of your devices. This option makes it easy to ensure your devices can download the optional apps you assign to them.
    To learn more, see Express Setup

To view full release notes with resolved issues and known issues for 1907, see 1907 Release Notes

Workspace ONE UEM console

  • We've improved logging back into the console after your session times out.
    The console now remembers whether you are a SAML or non-SAML user. When timed-out, SAML users can log back in without any clicks. Non-SAML users, with a remembered user name and password, see their credentials auto-populated on the screen and can log back in with one click. This improvement is enabled by default.
    To learn more, see Logging In to the UEM Console
     
  • Know if your APNs certificates are connecting over the HTTP/2 protocol.
    We've given you an option to manually conduct the test and check whether your APNs certificates are connecting over the HTTP/2 protocol. 
    To learn more, see Checking APNs Connectivity over HTTP/2 Protocol.
     
  • Device tags no longer show the tag color and the tag type in the console.
    Options for the device tag color and the device tag type are removed from the console.
     
  • Unassign a device tag from multiple devices in a one sitting.
    You can now unassign device tags from multiple devices at the same time.
    To learn more, see Unassign Tags from Multiple Devices.
     
  • We offer a simplified integration with Adaptiva to support your peer-to-peer software distribution deployments.
    Workspace ONE UEM supports a new version of the Adaptiva server. For all existing customers, Workspace ONE UEM still supports the previous version of the Adaptiva server. To use the new integration, update your Adaptiva server and your AirWatch Cloud Connector to version 1907.
    To learn more, see Configuring Peer Distribution Software Setup with Adaptiva
     
  • AirWatch Express got a new name. It's now called Workspace ONE Express.
    Workspace ONE Express has all the same functionality as AirWatch Express, but with a new name. 
    To learn more, see Introduction to Workspace ONE Express.
     
  • We've improved privacy by adding a location data question to Workspace ONE Express.
    Privacy is important to our customers. Selecting Yes in the Getting Started survey prompts the user on their device if they choose to share the location data. If the user declines, then location data is not collected.
    To learn more, see Express Setup Survey.
     
  • Get a better idea of the batch import task status in Workspace ONE Express.
    You can now see the status of batch import tasks. Navigate to Accounts > Users > Batch Status to see the status of the batch import jobs you have already initiated.
    To learn more, see Batch Import Users or Devices.
     
  • Make the most out of your Telecom List View page with the new export option.
    We've given you an option to export your usage and roaming details in CSV and XLSX formats. The exported file is available for download in the Monitor > Reports and Analytics > Exports page. 
    To learn more, see Plan Usage Details for Telecom Assets.
     
  • We've enhanced our directory user status synchronization logic.
    The status of Administrator and Enrollment user accounts in the UEM console now syncs correctly with deactivations made to your Active Directory service provided the following assumptions. The user named in the Bind User Name option, located in Groups & Settings > All Settings > System > Enterprise Integration > Directory Services in the Server tab, must have Active Directory administrator privileges. The recycle bin must also be enabled using the Active Directory Administrative Center.
    To learn more, see Directory User Status Syncing.
     
  • LDAP configuration validation is now more comprehensive. Validate your LDAP configuration directly from the console. 
    Administrators can now, at the time of Directory Services setup, validate directory users and user groups, and their attributes, even before adding them to the UEM Console. The enhanced capability helps avoid bad configurations that might arise due to incorrect Directory Services setup.
    To learn more, see Map Directory Services User Information.
     
  • The Settings tab is removed from the Global Search results, which speeds up the search.
    If you choose to search for settings, initiate a search from the Configurations page. Navigate to Groups & Settings > Configurations and enter a keyword in the search text box.

Android

  • The configuration experience for Android public apps now lets you set up complex configurations supported by the OEM.
    Our new updates include:
    • Support for nested bundle arrays.
    • A better and simplified design with useful tooltips. 
    • Choose to leave the unused application configuration options blank instead of deleting them from the UI.
      ​To learn more, see Assigning Applications for Android.
  • We've added programmatic migration workflows for moving your devices on legacy device administration to Work Profile.
    Migrate from your Android (Legacy) deployment to Android Enterprise(Formerly Android for Work) to gain more control and consistency across all OEM devices with the improved security and a better overall experience for employees with BYOD devices.
    To learn more, see  Android (Legacy) Device Administrator Migration
     
  • The improved Passcode profile provides better support for the native Android functionality.
    The Passcode profile for Android has been updated to support native features for Android 9.0. You can now: 
    • Force a separate passcode for the Work and personal side of the device.
    • Increased the maximum amount of days for password expiration from 180 to 9999.
    • Set additional biometric passcode options. 
      To learn more, see Enforce Passcode Settings (Android ).
  • Keep your Work Managed and Corporate Owned Personally Enabled devices secure with an initial passcode.
    With the Set Initial Passcode option in the Passcode profile, you can now set an initial passcode at the device level on all deployed devices. After the deployment, it is possible to reset the passcode at the device level.
    For more information, see Enforce Passcode Settings (Android) Enforce Passcode Settings (Android ).
     
  • The QR Code wizard now gives you more flexibility with system apps during device enrollment. 
    For all your work-managed devices, enable system apps to keep non-critical system applications installed on your work-managed device, or select disable to remove these apps.
    To learn more, see Generate a QR Code Using the Enrollment Configuration Wizard.

Chrome OS

  • Provide beta or development versions of Chrome OS and test the pre-release versions prior to general availability​.
    Determine if the devices will receive beta, development, or production builds of Chrome OS with the Release Channel field in the System Updates profile. This is useful for testing builds before pushing updates to your entire device fleet.
    To learn more, see Configure System Updates Profile(Chrome OS).

iOS

  • Enable data protection for your devices at all times. 
    We now give you an option whether or not to clear the device passcode when checking in a shared device.
    To learn more, see Configure Shared Devices
  • Automatically convert on-demand apps to managed, if you choose to enable "Make App MDM Managed if User Installed". 
    If you now install an app as unmanaged (e.g. through the App Store), the console automatically converts the app to managed when the Make App MDM Managed if User Installed setting is enabled regardless if the App Delivery Method is automatic or on demand. 
    To learn more, see Add Assignment and Exclusions to applications

macOS

  • Rotate your recovery keys on-demand for better security compliance.
    A new security enhancement is added to the Device Details and Self Service Portal where the FileVault Personal Recovery Key (PRK) is automatically rotated 15 minutes after it is accessed by the user or the administrator.
    To learn more, see Personal Recovery Key Rotation
     
  • Control the restrictions for Smart card pairing on macOS 10.12.4 and later devices.
    We've now added a new profile payload to configure the settings and restrictions for the Smart Card usage.
    To learn more, see  Configure a Smart Card Profile
     
  • Restrict or allow capturing of screen recordings and screenshots.
    We added a new restriction key that disables the user's ability to take screenshots of the display or capture a screen recording.
    To learn more, see Configure a Restrictions Profile

Mobile Content Management

  • Select multiple files and delete them at the same time using the AirWatch Managed Content List View.
    AirWatch Managed Content List View now supports bulk file removal.
    To learn more, see Content Management List View.
     

Tunnel

  • We're getting ready for something new. The Workspace ONE Tunnel for Windows app needs a new framework and additional settings for its upcoming release.
    In the UEM console, you will see new settings referring to Workspace ONE Tunnel for Windows. Wait to use these additional settings till our new app is available.
    To learn more, see Configure Per-App Tunnel Profile for Windows Desktop App.
  • It's time to move your Safari Domains from iOS VPN Profile Payload to Device Traffic Rules setup.
    We've removed the Safari Domain section from the VPN Profile XML. If you are upgrading to 1907 from an older version, plan for a smooth migration strategy and move all your Safari Domains from iOS VPN Profile Payload to Device Traffic Rules setup. 

Windows

  • Looking to keep your Windows 10 devices configured to industry best practices? The Baselines feature is now available to all customers.
    Baselines allows you to keep your devices secure and aligned with industry standards such as CIS Benchmarks. With Baselines, you can set and manage your preferred configurations completely over the air without any dependency on VPN or your domain. You can also create custom baselines using GPO policies. New enhancements to Baselines include editing and deleting your custom baselines.
    To learn more, see Using Baselines

To view full release notes with resolved issues and known issues for 1905, see 1905 Release Notes

Workspace ONE UEM console

  • Get the most out of AirWatch Express with the new default configurations​.
    • Location collection is now turned on by default for new AirWatch Express deployments. . End users will now receive a confirmation prompt on their devices asking for permission to collect location data. If granted, location data appears in Device Details on the UEM console.
    • App Catalog is now enabled by default for new AirWatch Express deployments. After enrollment, the App Catalog webclip appears on the device home screen and allows end users to see all assigned apps.
    • Quickly unlock iOS devices placed in Lost Mode from the actions toolbar on the Device Details view.
  • Several configuration improvements have been made to AirWatch Express that impacts location collection, app catalog, and lost mode for the iOS devices.
  • Retrieve your user accounts and groups with the all new SCIM API.
    A new SCIM API helps retrieve all the groups that a user belongs to. 
  • Auto-approve your applications from the Office 365 Getting Started wizard.
    The Office 365 Getting Started Wizard lets you automatically approve Office 365 apps for Android Enterprise. This is now the normal flow.
  • Export your reports to XLSX files, just like CSV files.
    In addition to exporting CSV files, you can now export list views and reports as XLSX files. With this new choice, you can avoid the formatting issues caused by CSV formats.

Workspace ONE Intelligent Hub

  • Easily activate your Hub Services if you are already using VMware Identity Manager and Workspace ONE UEM.
    You can now easily enable Hub Services if you are already using VMware Identity Manager and Workspace ONE UEM.
    Just enter your existing VMware Identity Manager URL to activate Hub Services. No need to reenter the admin user credentials again. We use the one you already provided to link VMware Identity Manager and Workspace ONE UEM.

iOS

  • Start reporting on both physical SIMs and eSIMs with the new dual SIM support.
    Admins can now report on both physical SIMs and eSIMs configured on supported iOS devices like the iPhone XR, XS and XS Max.

Mobile Content Management

  • Add wildcard values to stop your users from creating manual repositories and sub folders.
    You can now use the wildcard character (*) at the beginning and the end of the file path to stop your users from creating manual repositories and sub folders using the manual template.

Rugged

  • Add apps to the Launcher profile with the ease of automation.
    You can now create dynamic rules to automatically whitelist apps added to a Launcher profile. These rules support wildcard characters in the App Field. After you add a wildcard, the app icon displays as a bundle of apps and appear in the Launcher in the available space. You do not need to republish the app every time you add a new app.
  • We've extended Content Delivery Network (CDN) to VMware Workspace ONE Launcher.
    Content Delivery Network (CDN) is now extended to VMware Workspace ONE Launcher. During enrollment, when the Launcher is pushed to the device it is pushed through CDN instead of Device Services. This improves the performance of Launcher delivery to devices and reduces the server load when new version of Launcher is deployed.

Windows

  • Make the most out of your Dell devices with the updated BIOS profile and Dell Command | Monitor integration.
    You no longer need to manually push Dell Command | Monitor to your Windows Desktop devices to use the BIOS profile. When you push the profile to your devices, Workspace ONE UEM automatically pushes Dell Command | Monitor to the devices.
  • Give knowledge to the users. Enable a progress display for Windows Desktop devices enrolling using the Out of the Box Experience (OOBE) workflow.
    The new progress display informs the user what is happening behind the screen during the OOBE enrollment. You can also allow your users to skip OOBE after a specific timeout period.

  • End-user devices no longer require Intelligence Hub to use the Windows Desktop Antivirus profile.
    Now it is easier than before to keep your Windows Desktop devices secure with the Windows Defender as we no longer require agent with the updated Antivirus profile for Windows Desktop devices.

  • Devices have a huge number of attributes associated. Harness the power of Sensors to target the specific devices you want.
    Windows Desktop devices have tons of attributes to remember such as hardware, OS, certificates, patches, apps, and more. To track all these attributes, we created Sensors. Now you can create a sensor for a specific attribute and view this data in Workspace ONE Intelligence by creating visualizations on dashboards and customizing reports.”

To view full release notes with resolved issues and known issues for 1904, see 1904 Release Notes

Workspace ONE UEM console

  • We are happy to provide you a better login experience.
    Administrators can now save their user name and passwords in the browser cache that can be used for subsequent logins.
  • Easily identify your devices. We added a new device identifier called Public IP Address in the Device Details and Device List View.
    Public IP Address is added to the Device Details, Device List View and the Privacy Settings page so you can limit access to it per your business and end-user needs.
    View the Public IP Addresses for your devices by navigating to Devices > List View, then select the Layout button and customize the column selections. You can find Public IP Address in the Network tab of Device Details view. Change privacy settings regarding your devices' Public IP Addresses by navigating to Groups & Settings > All Settings > Devices & Users > General > Privacy in the Network section.
  • The new My Services Selector gives you access to your Hub Services from the UEM console. 
    You can now access Hub Services from the Workspace ONE UEM console with the My Services Selector. The selector is available in the Header Menu of nearly every page of the console.
  • We now offer SAML authentication for multi-domain configurations.
    Administrators (only) can now use the SAML authentication in multi-domain environments for Workspace ONE UEM, expanding the utility of the already trustworthy authentication protocol beyond single-domain configurations. Support for multi-domain environments is enabled by default, and there is no system setting required.
  • AirWatch Express now gives another option to communicate with user devices with SMS messaging.  
    Start using SMS Messaging in AirWatch Express.The SMS configuration page is now available in AirWatch Express. To use the functionality, an account with a supported SMS provider is required. You can enable SMS messaging by navigating to Groups & Settings > Configurations > SMS, then complete the settings options including Gateway Type and Password.

Android 

  • It's time to get started with the Google's Firebase Cloud Messaging service.
    As of April 10, 2018, Google announced that they are deprecating Google Cloud Messaging in favor of a new cloud-messaging platform called Firebase Cloud Messaging (FCM). Once GCM has been deprecated, customers enrolling new devices into GCM enabled environments can experience extended delays in communication between the Workspace ONE UEM Console and Android devices. 
    All customers are encouraged to upgrade their VMware Workspace ONE UEM Console, Workspace ONE Intelligent Hub application, and Workspace ONE application to the versions that contains support for Firebase Cloud Messaging. 
    For more information, look for Upcoming Changes to Cloud Messaging Services in Environments Utilizing Android Devices in My WorkspaceONE portal.

Content Management

  • The new just-in-time content caching strategy that eliminates high memory usage.
    We have re-designed content cache for better performance.The new strategy caches only the folders and the content records that are accessed by the users. Folders are cached individually, as opposed to the old structure that caches the entire repository.

Email Management

  • Start customizing the attributes that are used in the API calls to Google Suite.
    We now offer the ability to change the user attribute for Google Suite Provisioning. Customize the attributes that are used in the API calls to Google Suite by specifying an alternate attribute instead of the user's email address. 

iOS

  • Stop your users from modifying the personal hotspot setting​s.
    You can now restrict your users from modifying the personal hotspot settings and prevent Siri from logging the data back to its servers on iOS 12.2+ devices.

macOS

  • We now support Hub Services on macOS Intelligent Hub 19.04.
    The UEM Console 1904 brings support for macOS Intelligent Hub 19.04 features that includes enhanced catalog, People, Notifications, and custom Home tab. 
  • New and improved FileVault Encryption profile.
    The Disk Encryption profile now supports MDM deferred enablement. The profile update also comes with more granular controls over Hub behavior for encryption enablement and recovery key escrow. 

Rugged

  • Tighten the security of your Relay Server. Relay Server configuration now supports HTTPS protocol.
    You can now select the HTTPS protocol when you configure a relay server, including the configuration of a Stage Now barcode. Take advantage of this support by configuring an HTTPS endpoint using the web server config tool of your choice (for example IIS). You must also navigate to Devices > Provisioning > Relay Servers > List View, select Add, followed by Add Relay Server, then in the Device Connection tab, select 'HTTPS' as the Protocol.

Windows

  • Keep your Windows Desktop devices safe from harmful communications with the new Firewall profile.
    The new Firewall profile contains new settings for Windows 10 devices. Now you can configure different behaviors for domain, public, and private connections. You can also add your own custom firewall rules.
  • We made maintaining Dell Provisioning for VMware Workspace ONE provisioning packages easier with templates.
    Templates let you configure the settings for a provisioning package including the apps and save the settings for later use. We've also added the ability to edit and delete existing provisioning packages.
    If you have existing PPKGs when you upgrade to 1904, they will be removed as they no longer support the new workflow. You will need to recreate your existing PPKGs.
  • Give the users their apps. Add user context apps to your provisioning packages for Dell Provisioning for Workspace ONE UEM.
    You can now add user context apps to provisioning packages. These apps are installed when a user signs into a device for the first time.
  • Sometimes a baseline just needs a little tweaking.
    You can now customize the default ADMX settings in your Windows Desktop Baselines. This customization is in addition to adding additional ADMX policies.

To view full release notes with resolved issues and known issues for 1903, see 1903 Release Notes

Workspace ONE UEM console

  • Switch between all the Workspace ONE services you have configured.
    You can now switch between all your Workspace ONE services using the new bento icon in the header menu. Give it a try by selecting the new icon, located to the right of the account name. This feature is enabled by default.
  • Smart Group filter criteria is getting smarter.
    You now have two new and useful categories available when you create a Smart Group: Management Type and Enrollment Category. 
    Management Type lets you target devices on a cross-platform basis that are managed by MDM or an application like Boxer or Content. 
    Enrollment Category lets you drill down further into only the Apple or Android device pool, isolating devices by their specific enrollment path. For example, you can target only Apple devices that were DEP enrolled or only Android Enterprise devices. See the full complement of Management Types and Enrollment Categories by navigating to Groups & Settings > Groups > Assignment Groups and select the Add Smart Group button.
  • Get access to the message templates that are specific to your enrollment flow.
    When you add missing active directory users to your user groups, you now have access to message templates that are specific to your enrollment. This means your users can receive an enrollment message that takes your configuration into account. For instance, if enrollment is restricted to only registered devices with a token, you can send those users an enrollment email that reflects this configuration and includes the token. Take advantage of this feature by navigating to Accounts > User Groups > List View, select Add then Add User Group, then enable the option Send Email to User when Adding Missing Users and select the Message Template that best suits your needs.
  • Now you can have one group of admins creating the tags for your devices and leave assigning the tags for a different group.
    Device tag assignment is enhanced. You can have one group of admins tasked with creating all the tags for your devices and leave the bulk-assignment of those tags to another admin group.
    Take advantage of this feature by navigating to Accounts > Administrators > Roles and add the new 'Device Bulk Management assign Tags' resource to your admin roles accordingly.
  • We are giving you more flexibility while managing your devices as the AirWatch Express now supports three new Device Actions.
    AirWatch Express now supports Clear Passcode, Device Wipe, and OS Update (for iOS and macOS). 
    Navigate to Devices > List View, open the device Details View by selecting the friendly name from the list view, then select the More Actions button.
  • Configure service account based mobile flows connectors from the Workspace ONE UEM console.
    Administrators can now enter the service account credentials on the console while configuring out-of-the-box (OOTB) connectors.
  • Extended the utility of Identity Manager as the authentication source for Workspace ONE Intelligent Hub.
    Previously Identity Manager and its Multi-Factor Authentication capability only enabled UEM Active Directory users to authenticate, now UEM basic/local users can be authenticated by Identity Manager in Intelligent Hub. 
    Additionally, Identity Manager can now be used for Android staging and shared device enrollment in Intelligent Hub. Currently this functionality is available on Android only and will be available on iOS in a future release.
  • We offer single sign-on access to the Intelligent Hub app and the resources without asking you to reauthenticate.
    You can now enable basic User Sync to add local users to VMware Identity Manager Local UEM directory. When basic accounts are synced, you can use the Workspace ONE Intelligent Hub for single sign-on access to the resources.
  • We have introduced Quick filter search for your payloads.
    We now have a search bar that easily helps you narrow down the desired payload on the profiles modal. Search for the payloads by typing a text search string in the Search Payload search filter.
  • We have enhanced our security that restricts the enrollment flow from creating a new enrollment user in the Single User Advanced Staging flow.
    We no longer allow our users to create other enrollment users in the Single User Advanced Staging flow. Users are only allowed to enroll a device on behalf of another existing user.
  • Clear all your console notifications with a single button.
    You can dismiss all active notifications and send them to the Dismissed alert listing. Try it yourself by selecting the Bell icon in the upper-right corner of Workspace ONE UEM console screen, and select Dismiss All. There is no setting to enable this feature, it is enabled by default.

Android 

  • Customize firmware updates performed on your mobile enterprise devices.
    Android updates page in the Workspace ONE UEM console has additional options to customize updates for Samsung Enterprise Firmware Over the Air (EFOTA).
    ​To configure the following Android Samsung EFOTA Android Updates, navigate to  Devices > Lifecycle > Updates and select the Android tab:
    • Install method
    • Deployment start and end time
    • Server Time Zone
    • Network
  • We have reached End of Support for the Play Store Integration Service.
    VMware reached End of General Support for the Play Store Integration Service on December 15th, 2018 as announced in December 2017 for the customers using the Android (Legacy) deployment method. Existing Android (Legacy) customers who use the Play Store Integration Service to search and add public Android apps to the Workspace ONE UEM console are encouraged to set up Android Enterprise to use the official Play Store search experience. 
    Want to know more? Look for the End of General Support for the Play Store Integration Service knowledge base article on My Workspace ONE portal.

iOS

  • We now assist users to easily install the MDM profile during the enrollment of BYO iOS 12.2+ devices
    Users will now see instructional screens in Safari during the enrollment of devices running the latest iOS version and above. This version now requires users to manually navigate to the iOS Settings app to install the MDM profile instead of automatically taking the user there.
  • Get accurate feedback on the current status of an enterprise wipe or device wipe of activation lock enabled iOS devices.
    Administrators now have better clarity while wiping activation lock enabled iOS devices and more efficiency while deleting them.
  • Get an accurate count of licenses and their redeemed status for Apple Business Manager applications.
    Administrators can now see a consolidated, more accurate count of licenses, and their redeemed status for Apple Business Manager and Apple School Manager applications.

Mobile Application Management

  • Manage your Horizon, Citrix or Thin App resources from within Workspace ONE UEM with the all new Virtual Apps Collections.
    In addition to Web applications, you can integrate Horizon desktops and applications, Horizon Cloud desktops and applications, Citrix published resources, and ThinApp applications within Workspace ONE UEM with the integration of Virtual Apps Collections.
  • We now offer a native peer distribution system to deploy your Win32 applications to enterprise networks.
    You can now configure Workspace ONE UEM native peer distribution that uses the Windows BranchCache feature. However, the native peer distribution system will be behind the feature flag during the first few releases. If you like to try out our technical preview feature, contact Workspace ONE UEM representative and ask them to have the “WorkspaceOneP2PBranchCacheFeatureFlag” enabled. 

Rugged

  • We have made the Content Delivery Service transfer faster.
    An enhancement has been made to the CDS transfer speed. By implementing a new file transfer methodology, our designers have enabled transfers to relay servers be made in parallel, simultaneously, rather than in series as before. There is no system setting for this feature, this setting is enabled by default.
  • Determine whether or not a particular file exists on an Android device before you apply an action. 
    You can set the file condition as an extra criteria to download and/or install a product based on the existence or nonexistence of a file. Make a condition using this criterion by navigating to Devices > Provisioning > Components > Conditions, select Add Condition, select Android as the platform, and select File in the Condition drop-down menu. The new file condition works only on Android devices that have 19.03 version of Intelligent Hub. 
  • We keep improving the Product Provisioning Performance.
    A significant performance improvement has been made to product provisioning. Currently, if a device fails to process a provisioned product, it requires a manual intervention in the form of a force reprocess. The improvement triggers the automatic retry of a product push when it detects a push failure rate of up to 5%. It makes a maximum of three retries per device, which should minimize the number of manual forces reprocesses you make. Enable this feature when you make a Product by navigating to Devices > Provisioning > Product List View and select Add Product followed by the platform. The Auto Retry check box appears in the Deployment tab.

Tunnel

  • Quickly configure per-app Tunnel for the enterprise access.
    We have built a new admin experience to simplify deploying and managing Tunnel settings. To get started, navigate to Groups & Settings > Configurations > Tunnel.

Linux

  • Enroll devices running any version and build of Linux into your Workspace ONE UEM deployment.
    You can now enroll your Linux devices with Workspace ONE UEM. Enroll devices running any version and build of Linux on x86_64 or ARM7 into your Workspace ONE UEM deployment by installing the Workspace ONE Intelligent Hub on the device, and then you can view the device from the Workspace ONE UEM Console.
    To download the Workspace ONE Intelligent Hub for Linux, your organization must be whitelisted with Workspace ONE UEM. Please contact your account representative to receive access to the download file.

To with full release notes with resolved issues and known issues for 1902, see 1902 Release Notes

Workspace ONE UEM console

  • Know when your password is going to expire with the new Email Notification of Password Expiration.
    The UEM console sends administrators an email five days (by default) before a password expires. On-premises administrators can change the default value of five days while shared SaaS administrators cannot. If eligible, change this default value by navigating to Groups & Settings > All Settings > Admin > Console Security > Passwords.
    The emails are only sent on the first and last day of the notification period.
  • Meet the new Organization Group picker.
    Several UI improvements have been made to the organization group picker, found in Add Smart Group, Add User Account, Add Admin Account > Role, and Add DEP Profile screens.
    An instant search function has been added: start typing in the OG text box and it immediately runs a search based on the string you enter, displaying the names of the OGs for which it finds matches. OGs that appear in the instant search results are presented with their full hierarchy path, with individual organization groups separated by forward-slashes. OG names and paths that are longer than the width of the OG picker window wrap around so you can see the entire name/path. No configuration is needed to use this feature, it's enabled by default.
  • Improve security by including a user's active directory Secure Identifier in the certificate SAN for ADCS CA Integration.
    You can now map the SID value certificate requests for ADCS certificate templates.
  • Control who you send your SMTP test connection emails to.
    We've added the ability to set the "To" email address when testing the SMTP connection. To use this new feature, navigate to Groups & Settings > All Settings > System > Enterprise Integration > Email (SMTP).
  • Configure what's important with the Configurations page.
    The Configurations page is a curated list of critical system settings that are essential to setting up your business needs. You can search the configurations for the feature you are interested in, filter out features you do not want to see, and share your filtered list with other administrators. Take advantage of this feature by navigating to Groups & Settings > Configurations.
  • Getting Started with Workspace ONE Intelligent Hub.
    • Enhanced experience to define the Intelligent Hub configuration.
      You can now find a summary of Intelligent Hub settings around management mode, authentication type, and Hub catalog within the Intelligent Hub configuration page, and even configure those settings easily and quickly.
    • Activate Hub Services instantly even if you don’t have the Cloud VMware Identity Manager instance (SaaS only feature).
      The Intelligent Hub Configuration page now provides instant access to Hub Services so that you can start your journey towards the digital workspace. You no longer have to file a support ticket or contact your VMware representative to take advantage of Hub Services. You can click through a simple wizard to get the VMware Identity Manager Cloud tenant and auto activate Hub Services.
    • Seamless activation of Hub Services.
      If you already have a Cloud instance of VMware Identity Manager and want to use Hub Services features like the catalog, People, and Notifications, we have you covered. We refined the experience so you can just enter the tenant URL and credentials to active Hub Services.
  • Quickly configure VMware-hosted mobile flows connectors.
    Find and configure VMware-hosted mobile flows connectors without needing to deploy any connectors on your cloud or infrastructure. The UEM console compiles a list of available connectors for you to use.

Android

  • Deliver messages to user devices with new Custom Messages profile. 
    We added Custom Messages profile for Android devices that allow admins to create custom messages to send to a user. The new profile will option to set lock-screen messages, set a message for blocked settings, or set a message for users to view in their device settings. This profile is available on Android 7.0+ Work Managed devices.  
    To configure this profile, navigate to Devices > Profiles & Resources > Profiles > Add > Add Profile > Android and select the Custom Messages profile. 
  • Reinstall the applications you want on your shared Android devices with the Reinstall Apps on Logout command.
    A new option to Reinstall Apps on Logout has been implemented in Android Logout Settings for Shared device which determines if applications on Shared devices are automatically reinstalled when a user logs out (checks in) a device. Admins can decide whether to always or never reinstall apps. 
    If Clear App Data on Logout is enabled, a third option is available to reinstall apps only if app data cannot be cleared.  When enabled, Workspace ONE UEM will no longer require that apps be deleted and reinstalled when one user stops using a shared device and another user begins using the same device. This means users might have access to the previous user's data including personal information.
  • Choose whether to configure the SSID and password using the Enrollment Configuration Wizard.
    Admins were previously required to specify the SSID and password in the Enrollment Configuration Wizard which allows the user to skip this step during QR Code enrollment for Android devices using Work Managed device enrollment. The Password field is now optional since a password is not always required when connecting to a network.
    To configure QR Code enrollment using the Enrollment Configuration Wizard, navigate to Device > Lifecycle > Staging > List View > Configure Enrollment > Android > QR Code > Configure.
  • Out with the old and in with the new. We've added support for Google's Firebase Cloud Messaging service.
    Firebase Messaging implementation will replace Google Cloud Messaging (which is soon to be deprecated by Google) for Android device communication. 
  • We have removed Enterprise Wipe Device Command for Android Work Managed and Corporate Owned Personally Enabled device.
    Enterprise wipe is no longer supported on Android Work Managed and Corporate Owned Personally Enabled device as the admins would simply use the Device Wipe command to perform a factory reset on a device.
    The setting has been removed from the Workspace ONE UEM console.

iOS

  • Prevent the setup or editing of eSIM configurations on supported, supervised iOS devices.
    We've added a new restriction to the iOS Restriction profile. You can now prevent users from setting up or editing eSIM configurations on supported, supervised iOS devices.

macOS

  • Don't let malicious software infect your macOS devices by ensuring your devices are shielded with System Integrity Protection compliance policies.
    You can now make a compliance policy that detects whether macOS devices have System Integrity Protection disabled. Make a compliance policy that takes advantage of this support by navigating to Devices > Compliance Policies > List View, select the Add button, then select the macOS platform and choose "System Integrity Protection" in the left drop-down menu of the Rules tab.

Mobile Application Management

  • Upload Internal Apps without worrying about the later versions.
    Previously, admins could not upload lower versions of internal apps without incrementing the Workspace ONE UEM Version up one. Now, admins do not need to worry about the Workspace ONE UEM version and they can upload earlier versions of internal apps without error notifications.
    For example, if admins had two versions of an internal app stored in the UEM console, numbers 1.1 (previous version) and 1.5 (latest version), they can now upload 1.3 (new version) without an error notification and without the console guiding them to increase the Workspace ONE UEM version up a number. The console migrates the assignments from the previous version to the new version. The latest version remains the latest and devices that enroll in the assigned group still get this latest version of the app. Also, admins can still retire the previous version when adding a new version.
    An exception remains with Android apps. Android apps have a string called a versionCode that still controls the versioning in Workspace ONE UEM. If admins add a new version number of an Android app that has the same versionCode as the latest version in the console, the console still guides them to increment the Workspace ONE UEM version up one number.

Rugged

  • Product Provisioning performance improvement.
    A performance improvement has been made to product provisioning. Outbound and inbound communication for multi chain-wide deployments has been optimized, which improves efficiency and scale. This improvement requires no setting, it is enabled by default.
  • Product persistence default disabled.
    The persistence setting for new products, previously defaulting to enabled, has been changed. The default setting for new products now features a disabled persistence setting. If you are interested in enabling persistence for a new product, you must manually enable it by navigating to Devices > Provisioning > Product List View, then select Add Product followed by the platform selection. Select Manifest, then Add, then select an action and the Persistent through enterprise reset checkbox displays.

Windows

  • Personalize your Windows Desktop devices just the way you want them with the new Personalization profile.
    We've added a new Windows Desktop profile so you can control the Personalization settings for your devices. The Personalization profile controls the background and lock screen images as well as the Start Menu policies for the device. In addition to these settings, you can upload a start layout XML. This XML overrides the default start menu layout and prevents users from changing it.
  • Create the Baseline you've always wanted. You can now add additional policies to your Baselines.
    You can now add additional policies to your Baselines to configure your devices the way you want them. Baselines already keep your devices secured and aligned with industry standards. Now you can add Microsoft ADMX policies to your baselines. Currently, this feature is in the technical preview.
  • Hide Custom Windows Desktop Files in the Catalog.
    Use the Display in App Catalog option when you assign an internal or public app to hide those files you want to deploy but not advertise in your catalog. This feature is useful for hiding files that perform backend processes.
  • Upload a Single APPX for Windows Desktop and Windows Phone.
    Workspace ONE UEM has removed the need to upload multiple app packages when using the APPX type. Now, when you add an internal, Windows, application, upload a single APPX file, no matter the architecture.
  • Choose the right app for your devices. You can now select transforms and patches (MST and MSP) when adding apps to a PPKG for Dell Provisioning for VMware Workspace ONE.
    The Provisioning Package Wizard now supports selecting a transform and a patch for apps. You must add the transforms and patches to the apps using the Edit App modal.

To view full release notes with resolved issues and known issues for 1811, see 1811 Release Notes

Workspace ONE UEM Console

  • No more editing the login URL for your admins. Workspace ONE UEM now supports automatic SAML authentication.
    When you have SAML login enabled in system settings, the system supplies the OG-specific login screen, that adheres to the standards of Identity Federation, when you enter the Admin username. You now no longer need to edit the login URL to get the login screen you want.
    Enable SAML login for administrators by navigating to Groups & Settings > All Settings > System > Enterprise Integration > Directory Services. Select the Server tab and in the LDAP section, enable the Use SAML For Authentication setting and select the relevant options.
  • Your Feedback Matters Still. We've enhanced the optional survey to better process your responses.
    The optional survey introduced in the previous release gathered valuable feedback based on your experiences with our software. Together with the data collected at the time you created your admin account, VMware processes these survey responses with third-party assistance to facilitate a closed loop feedback system. This system helps us understand our users better and allows us to improve our products based on your needs.
  • Track basic admin account activity better with new Console Event Logging additions.
    Two new events have been added to the console event logger: 'admin account locked' and 'admin account unlocked'. These events should assist you in researching basic administrator login problems, which you can do by navigating to Monitor > Reports & Analytics > Events > Console Events. The new login events are of the Module: Administration and of the Category: Login.
  • We are getting better at telling you what went wrong through some improved error messages.
    We understand that it is frustrating when things don't work. To help reduce some frustration, we are looking at our error messages to see where we can improve them.
  • We have removed Data Samples Settings page in the console.
    We deprecated the ability to configure and store historic sample data related to device hardware, device network data, profile information, telecom data, restrictions, security information in the UEM console. You could make these changes from All Settings> Admin> Data Samples.
  • We've deprecated several APIs so make sure you use the new replacements.
    For more information on what APIs were deprecated and their replacements, see https://resources.workspaceone.com/view/6z89m664plrjdjjr7fcb/en.

Android

  • Configure more features for your Android devices.
    We've updated the Workspace ONE UEM console to include additional support for Wi-Fi Proxy, Bluetooth, Backup service, and Update Information.
    • The Wi-Fi profile includes a new section called Proxy for you to configure Proxy settings for Android devices. (Android 8.0+). 
    • The Device Details page includes a section named Pending System Update which shows information on available or last updates for Android 8.0+ devices.
    • The restrictions profile has been updated with a new restriction, "Allow Backup Service"
    • Support new restrictions available for preventing Bluetooth and Bluetooth sharing. 
  • You can now enable Knox for Android devices without using Android Legacy settings.
    Under Intelligent Hub Settings the Knox license key field is no longer dependent on the Enable Containers setting.  This means you can enter a Knox license key, without turning on Enable Containers (which only applies to Android Legacy). If Enable Containers is checked and Android EMM Registration is configured, this turns on Knox Play for Work (Android legacy enrollment mode).

    To see these settings, navigate to Group & Settings > All Settings > Devices & Users> Android > Intelligent Hub Settings

  • Manage how your Android devices update apps with the new Update Policy profile.
    We added a new Auto Update Policy profile for Android devices that allow admins to configure auto updates and schedule maintenance windows for public Android apps. Once pushed, the applications will only auto-update during the specified start and end times.

    To configure the Auto Update Policy, navigate to Devices > Profiles & Resources > Profiles > Add > Add Profile > Android > and select the Auto Update profile. 

  • Configure additional capabilities in the Restrictions profile.
    The Restrictions profile now supports additional capabilities specific to Android Enterprise. On Work Managed devices and COPE enrollment, you can now Prevent System UI (Toasts, Activities, Alerts, Overlays) which blocks additional windows from opening on the device. For all enrollment types (Work Managed Device, Work Profile, and COPE) you can enable Skip user tutorial and introductory hints to force apps to skip user tutorials and introductory screens.

  • Verify that your apps are safe for your devices with Safetynet App Verification.
    A new system setting, Safetynet App Verification, enables app verification which scans apps installed on the device before they are downloaded to detect potentially harmful apps. 

macOS

  • Enhanced the macOS Network profile to support configuring multiple ethernet interfaces.
    We added options to configure multiple ethernet interfaces as needed.

  • Enhanced macOS Privacy Preferences profile so you can add multiple Apple Event rules for a given app.
    To help administrators manage data access consent on behalf of the user, we enhanced the Privacy Preferences profile. Now you can multiple Apple Events to a given app.

Windows

  • Keeping your Windows Desktop devices configured and up-to-date with best practices is difficult. Workspace ONE UEM curates these best practices into configurations called Baselines.
    This new feature allows you to keep your devices secure and aligned with industry standards such as CIS Benchmarks. With Baselines, you can set and manage your preferred configurations completely over the air without any dependency on VPN or your domain. Currently, this feature is offered as a technical preview.

  • Track your Windows Desktop devices without needing the legacy AirWatch Agent.
    We've enhanced our GPS support for Windows Desktop devices. Workspace ONE UEM now gets location data through OMA-DM instead of relying on the AirWatch Agent from the Microsoft Store. Windows Phone devices still need to use the legacy method.

  • Send your Windows 10 device traffic through a proxy with the new Proxy profile.
    This profile allows you to configure the native system proxy settings on your Windows 10 devices to direct network traffic through a proxy server.

  • Devices have a huge number of attributes associated. Harness the power of Sensors to target the specific devices you want.
    Windows Desktop devices have tons of attributes to remember such as hardware, OS, certificates, patches, apps, and more. To track all these attributes, we created Sensors. Now you can create a sensor for a specific attribute and combine the sensor with smart groups to target specific devices for profiles, updates, and more.
    Note: This feature is currently in technical preview. It releases for general availability in Workspace ONE UEM 1905.

  • We've made Dell Provisioning for VMware Workspace ONE easier to use.
    A new wizard in the UEM console provides a single place to create a configuration file for the various use-cases and export your Win32 apps. You no longer need to use the external configuration tool.

    Additionally, we've expanded app support to include OMA-DM and user context apps. To use the new wizard, navigate to Lifecycle > Staging > Windows.

  • Control the level of device diagnostic and usage telemetry data your devices send to Microsoft.
    We have updated the Restrictions profile to control the level of data sent to Microsoft. The level of data ranges from Security, which limits the data to only what is necessary to keep the device safe and secure, to Full.

  • Collect important device details through the Request Device Log action.
    We added this functionality so you can request the logs from the device to troubleshoot and provide support. To request a log, simply navigate to the device and select Request Device Log from the More Actions list.

  • Wipe your devices just the way you want to.
    We enhanced the Device Wipe device action so you can choose the level of Device Wipe. In addition to the original Device Wipe, you can now perform a Wipe Protected that can't be circumvented by users. Finally, you can perform a Wipe and Persist Provisioning Data action that will back up the provisioning data and reapply it after wiping the device.

  • Reset your devices back to their factory settings with the Enterprise Reset device action.
    We added this functionality to corporate-owned Windows Desktop devices. Now you can reset a device to factory settings while keeping the device enrolled in Workspace ONE UEM.

App Management

  • Keep your per-app VPN profile associated with native apps updated.
    You can edit the App Tunneling configuration by selecting another Per-App VPN profile in the flexible deployment assignment. This associates the changed profile when the applications publishes. Also with the flexible deployment assignment, you can change the priority of an assignment. Move it higher in the list, and assigned groups receive those associated configurations that include the per-app VPN profile.

    You can also deselect the App Tunneling setting in the flexible deployment assignment. The system removes the per-app VPN off devices in the assigned smart group. Another option is to change the smart group of a device to one that is assigned to an application that has the desired per-app VPN profile associated to it.

  • Distribute internal application packages from Workspace ONE UEM instead of redirecting users to a link.
    This feature is useful for deployments that use APIs for continuous delivery integrations and UI actions. 

  • Control the cost of licenses for your software distribution and OMA DM applications with the new App Approvals workflow.
    This process allows you to approve who can consume application licenses, thus controlling the cost to manage these resources. This workflow integrates your existing deployments of ServiceNow, VMware Identity Manager, VMware Workspace ONE UEM, and VMware Workspace ONE Intelligence. Currently, this feature is offered as a technical preview.
    Note: App Approvals is currently a tech preview feature. Consider limiting your use of this feature for testing purposes only.  App Approvals should not be used in a production environment. Features are not final and are subject to change at any time.

  • Updated software distribution by working to support distributing Win32 applications without a content delivery network (CDN) for on-premises deployments.
    At this time, one of two systems is still necessary for distribution, a content delivery network or a file storage system. VMware Workspace ONE UEM supports up to 5GB of storage on CDN for on-premises. If more than 5GB is needed, then use a file storage system.

Email Management

  • Revoke access for Google accounts if an account violates compliance with the Token Revocation option on the Email Settings page.
    We offered a similar feature for Office 365 and now we support it for Google accounts. If you revoke a token, users lose access to their Google accounts. Workspace ONE then evaluates compliance before issuing a new token.

Compatibility Matrix

VMware Product Interoperability Matrix provides details about the compatibility of current and previous versions of VMware products and components.

End of Support Announcements

Workspace ONE UEM Console Release and End of General Support Matrix​ provides the general availability, end of availability and the end of support dates for all Workspace ONE UEM Console Release.