Details

Greetings! It is my great pleasure to announce that VMware Workspace ONE UEM Console 2306 is GA as of 10/31/2023!I would like to congratulate the entire working team and the cross-functional teams on their achievement delivering this release to the finish line!Console Let’s keep our request templates for SCEP certificates simple. We’ve changed the behavior for our SCEP certificates. Auto-renewed certificates no longer append sceprenew to the Subject. In prior releases, "sceprenew" was appended to the certificate Subject as a Common Name. With this modification, a sceprenew token is included in the certificate as a Subject Alternative Name (SAN). Basic admin accounts now have better security hygiene. When you reset your account password, your Workspace ONE UEM console session used to reset the password continues, but we automatically log you out of any other active sessions. This feature applies only to basic administrator accounts. The third party authentication is not currently supported. This feature is enabled by default, there is no system setting. For more information, see Logging In to the Console. We've added the Subject Alt Text (SAN) field to the EBJCA CA template. You can now add one or more SANs to the EBJCA CA template for unique certificate identification. New Compliance Policy Rule: Device Tags You can now detect whether a device tag is present (or missing) on a device and mark the device as not compliant if it is present (or missing). All platforms are supported. For more information, see Compliance Policy Rules and Actions.iOS Add Web clips to your Home Screen Layout profiles. Manage the location of Web Clips when defining the layout of the device's home screens using the Home Screen Layout profile. You can place Web Clips on any home screen, on the Dock, or within Folders. We've updated Volume Purchase Programm (VPP) to support Apple's latest API. To improve VPP app deployments, we have now implemented Apple's latest API suite. While this update is taking place behind the scenes, you will notice improved performance and scalability when deploying managed applications through VPP. Are you missing various iOS profile keys? We’ve a solution for you! We have updated the profiles for Restrictions, Wi-Fi, VPN, and Skip Setup Assistant. As of iOS 16, these profiles now support all available configuration keys.Here are the specific updates per payload: New Restrictions keys: Allow Cellular Plan Modification, Allow NFC, Allow Personalized Advertising, Allow Recovery Mode with Unpaired Device, Force On-Device Dictation, Allow Automatic Lock, Force On-Device Translation, Require Managed Pasteboard, Allow iCloud Private Relay, Allow Mail Privacy Protection, Allow Rapid Security Response Installation, Allow Rapid Security Response Removal.New Wi-Fi keys: Enable IPv6, HESSID, TLS Certificate Required.New VPN keys: Enforce Routes, Maximum Transmission Unit, SMB Domains, Prevent On Demand Override.New Skip Setup Assistant keys: Terms of Address, Emergency SOS, App Store. For more information, see iOS Device Profiles.macOS Use the new macOS Device Updates dashboard to manage macOS updates. The new macOS Device Updates dashboard enables you to assign and deploy minor and major macOS updates to devices. This dashboard leverages Apple’s MDM protocol, supporting options such as the ability to download and stage the update to a device, notify the user that an update is available, or even force an update to take place without user interaction. The target macOS version and behaviour can be scoped to specific smart groups and assigned to devices, and Workspace ONE will automatically retry the commands periodically until the device confirms the update is successful. For more information, see macOS Update Management. Introducing the new macOS Ventura keys. We’ve added several new configuration options for macOS profiles: Login and Background Item Management: Prevent users on macOS Ventura from disabling background processing for specified apps.SSO Extension: Support for third-party platform SSO Extension configuration.Restrictions: Allow the Deployment or Removal of Rapid Security Updates.Allow Universal Control, USB Restricted Mode, and manual configuration profile installation. Security & Privacy: More granularity around delaying major, minor, and non-OS updates.Content Caching: Configure the native caching settings on macOS devices.Firewall (Native): Updates to configuration options for the native system firewall.Notifications: Configure the default notification settings for apps installed on macOS devices. For more information on the profile updates, see macOS Device Profiles. Introducing a global Cloud Notification Service for delivering APNs notifications. APNs for applications communication uses Cloud Notification Service by default. For more information, see Cloud Notification Service.Windows Updating on-demand Windows apps to newer versions just got easier! You can now keep those on-demand apps up to date whenever you add a new version. When configuring the assignments for your app deployments, make sure to enable the Keep app updated automatically setting. For more information, see Assign Applications to your Windows Desktop. Check out the fresh new Windows Security Baseline templates! We’ve added two new templates: Windows 11 versions 21H2 and 22H2. We have also included Windows 11 version 21H2 for creating a new CIS Windows Benchmarks template. For more information, see Using Baselines. Customize your Online Drop Ship Provisioning Cache Serves. We now support custom cache servers. For more information, see Use a Custom Cache Server. We enhanced the UEM console for user and device profiles. Enhancements for Windows Profiles: Profile data will now be provided to the console through the Windows DDUI Profiles (Beta).Around 150 native Microsoft CSP payloads are now available to be configured without using custom settings.VMware Templates are behind a feature flag - Template payloads will provide three highly customized profiles (Windows Updates, Deliver Optimization, and Proxy) to simplify Windows configurations. Enhancements with Windows Update: Windows Update information has been moved to the Intelligent HUBNew Device Update view shows the accurate installation status together with the Update installation source for easier troubleshooting. For more information on both of these, see Workspace ONE UEM Profiles for Windows. Troubleshooting Windows update is now much simpler! We’ve introduced three buttons to help you troubleshoot Windows updates such as Pause, Rollback, and Resume. For more information on how these work please refer to: Workspace ONE UEM Profiles for Windows. We no longer support the Tunnel Proxy Component. The Tunnel Proxy Component support period ended on January 30, 2023. See Migrating from Tunnel Proxy to Per-App Tunnel for information on how to switch to VMware Tunnel. The full end-of-support announcement can be found here: KB#87345.Android Use Conditional Access for your shared android devices We’re excited to announce that VMware has integrated with Microsoft to extend our UEM conditional access capabilities for Microsoft Azure Active Directory (AD), with support for Android shared device mode. With this new integration, you will be able to provide shared devices with secure, conditional access to Microsoft 365 apps. For more information, see Configure Shared Android Devices for your Shift Workers. Simplify certificate-based authentication for your Android applications. You can now silently grant applications access to client certificates provisioned by Workspace ONE UEM. VPN clients, browsers, and other applications will no longer have to prompt the device user to select a certificate for authentication. Supported on devices running Android 11 and higher.Documentation and Links: Release NotesDownload Link