sturmanc's Posts

You didn't state iOS or Android. The current version of Horizon Client is 8 (which is 2006) https://docs.vmware.com/en/VMware-Horizon-Client-for-iOS/2006/horizon-client-ios-installation/GUID-FA0D1218-E28F-4CB5-8126-33011483E54F.html https://docs.vmware.com/en/VMware-Horizon-Client-for-Android/2006/horizon-client-android-installation/GUID-6EDD83E9-9397-4B45-9FA8-1C4B70A5747A.html

Getting Ready for Apple Fall 2020 Releases (79996) https://kb.vmware.com/s/article/79996?lang=en_US https://github.com/vmware-samples/euc-samples/blob/master/iOS-Samples/Fall-2020/iOS14-WiFi.md iOS 14 WiFi This payload includes: • Disable MAC address randomization Paste the entire XML snippet (<dict>...</dict>) into the Custom XML payload in Workspace ONE UEM. <dict>   <key>PayloadDescription</key>   <string>Configures wireless connectivity settings.</string>   <key>PayloadDisplayName</key>   <string>WiFi (Example Wi-Fi)</string>   <key>PayloadIdentifier</key>   <string>195c2047-813f-423e-b8c6-56a47a721b6e.Wi-Fi</string>   <key>PayloadOrganization</key>   <string></string>   <key>PayloadType</key>   <string>com.apple.wifi.managed</string>   <key>PayloadUUID</key>   <string>36297c23-1c2f-43e9-8863-bea2c33ca318</string>   <key>PayloadVersion</key>   <integer>1</integer>   <key>ProxyType</key>   <string>None</string>   <key>SSID_STR</key>   <string>Example Wi-Fi</string>   <key>DisableAssociationMACRandomization</key>   <true/> </dict>

We worked with VMware Support on this last year.  The only way is to do an update command to the AirWatch SQL DB. You have to update 4 records in the mobileManagement.enrollmentuser table.  (domain, UserPrincipleName, EnrollmentUserDN, and EnrollmentUserDNtrimmed)

Is your Workspace ONE console version at least 20.01? Previous versions do not have the "Available OS Updates Sample" under MDM Sample Schedule to automatically check devices for OS versions. This was a manual query only.

We also had memory leak issues with previous versions of Workspace ONE (AirWatch). To protect the service we implemented IIS App Pool memory limits.  This will recycle the IIS App Pool and prevent server memory saturation. Maybe also look a CPU limit also. This is a MS SharePoint link but gives you the instructions. Application pools recycle when memory limits are exceeded (SharePoint Server) | Microsoft Docs Also check your logging levels.   If you have any always set to Verbose that will cause CPU/Memory issues as the log files are generated and written. We have 35k devices with 4 DS and 2 CS servers.  Each server is Windows 2016 VM with 6 CPU/12 GB RAM.  We don't see any performance issues on 19.09.07.

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/1909/AppleBusinessManager/GUID-20590777-DA27-465D-A324-EB5EB1F81572.html Custom Enrollment in DEP https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/1909/rn/VMware-Workspace-ONE-UEM-Release-Notes-1909.html 19.9.0.17 Patch Resolved Issues AAPP-8972: VPP apps are not installed on a device that is custom enrolled.

They have to launch HUB after a reboot or low power.  We also have a HUB compliance rule looking for compromised status every 10 days.  With the minimum refresh interval and significant movement, it keeps the HUB in the foreground. Our enrollment email for DEP devices recommends that they opt-in to location services and to always allow the HUB to use it.  We have over a 65% opt-in for this. We do not TRACK users with the location but only allow our corporate emergency security team the location data for locating users in the event of an emergency.

Console Settings we have configured. Devices & Users > Privacy - GPS Data (we use Collect Do Not Display) Devices & Users > Apple > Apple iOS > Intelligent Hub Settings - General > Minimum Refresh interval > 15 minutes - Area > Collect Location Data - SDK Profile V2 > iOS Default Settings @ Global Devices & Users > Apple > MDM Sample Schedule - MDM Hub Sample > 6 hours

We have HUB location services working for our iOS devices.  The HUB stays in the foreground and devices report after significant movement.  It does not use GPS. https://developer.apple.com/documentation/corelocation/getting_the_user_s_location/using_the_significant-change_location_service

I only see it under Configure Data Loss Prevention for the Default SDK Profile For our 18.11 version - https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/1811/VMware-Workspace-ONE-SDK-and-Mobile-Application-Management/GUID-AWT-DLP-CONFIGURE.html Enable Copy and Paste Out Enable Copy and Paste Into

SSL Pinning and Outbound SSL Interception Proxies https://support.workspaceone.com/articles/115009643247 Early 2020, VMware AirWatch will begin enforcing SSL pinning in its mobile applications. Although SSL pinning to Device Services is optional and may be disabled by customers with On-Premises, or Dedicated SaaS environments, certain communications between VMware AirWatch mobile applications and VMware AirWatch cloud services will always be pinned for enhanced security.

Getting Ready for Apple Fall 2019 Releases https://support.workspaceone.com/articles/360024561354 Dynamic Compromised Detection is a new feature which allows SDK applications to securely update the compromised detection algorithm over-the-air. This will allow for a faster turnaround when false positive issues are found. Customers and developers with apps using these new SDK versions which support dynamic compromised detection will no longer have to update and/or re-release their apps. It is recommended to ensure your users are on the minimum supported version especially for Dynamic Compromised Detection. Note: The Workspace ONE team has already found an issue in iOS 13 beta 1 giving false positives for compromised detection. We hope to have this resolved as soon as possible.