Digital Employee Experience Release Notes
Release notes for digital employee experience (DEX) platforms
Products (12)
Latest Digital Employee Experience Updates
- May 2026
- No date parsed from source.
- First seen by Releasebot:May 12, 2026
Synthetic Monitoring
ControlUp adds Synthetic Monitoring for tracking app performance and availability.
Synthetic Monitoring
Original source - May 11, 2026
- Date parsed from source:May 11, 2026
- First seen by Releasebot:May 13, 2026
Omnissa Connect 26.05.12
Omnissa Connect adds quality and performance improvements, fixes an organization-level IP Authentication Policy login issue, and updates its release notes with current capabilities, resolved issues, and known issues information.
The Omnissa Connect Release Notes outline the new features and enhancements in each release. This page contains a summary of the new capabilities, issues that have been resolved, and known issues that have been reported. With Omnissa Connect, you can access your Omnissa solutions portfolio from a centralized location.
Urgent Notification regarding legacy Domain End of Service
As part of the migration from legacy VMware owned domains to Omnissa owned domains, customers’ network and security teams must make firewall changes to allow access to the new Omnissa owned domains by June 15th, 2025, to prepare and not block the new Omnissa domain network requests in upcoming product and service updates. This also impacts any API driven tasks or automation tasks created. Please see KB6000840 for more information.
Omnissa Connect 26.05.12
New Features
- In this release, we’ve made a few updates containing general quality and performance improvements with no new features.
Resolved Issues
- CXP-8182: Fixed an issue where the system was not enforcing an organization level IP Authentication Policy during login.
Known Issues
- We haven’t identified any notable known issues in this release. If you’re facing problems, reach out to the Omnissa Global Customer Support (GCS) Team.
All of your release notes in one feed
Join Releasebot and get updates from ControlUp and hundreds of other software products.
- May 11, 2026
- Date parsed from source:May 11, 2026
- First seen by Releasebot:May 12, 2026
Workspace ONE Content 26.04 - March 2026
Omnissa Workspace ONE Content for Android releases new March 2026 enhancements, including configurable For You section ordering and smoother authentication when repository and enrollment credentials match, plus a fix for Android PDF printing and no notable known issues.
Urgent Notification regarding legacy Domain End of Service
As part of the migration from legacy VMware owned domains to Omnissa owned domains, customers’ network and security teams must make firewall changes to allow access to the new Omnissa owned domains by June 15th, 2025, to prepare and not block the new Omnissa domain network requests in upcoming product and service updates. This also impacts any API driven tasks or automation tasks created. Please see KB6000840 for more information.
Omnissa Workspace ONE Content for Android Release Notes detail the new features and enhancements in each release. This page contains a summary of the new capabilities, issues that have been resolved, and known issues that have been reported in each version.
Workspace ONE Content 26.04 - March 2026
New Features
- Provision for users to view For You sections as per the order configured in Workspace ONE UEM.
- Seamless admin and user repository authentication experience when repository and enrollment credentials are the same.
Note
For information about new features and improvements on Workspace ONE UEM, see Workspace ONE UEM Documentation at Omnissa Docs.
Minimum Requirements
- Android 9+
- Workspace ONE UEM Console 2410+. For more information, see the Knowledge Base article Workspace ONE (WS1) UEM Console Release and End of General Support Matrix (2960922).
Resolved Issues
Note
The numbers included before the resolved issues are used for internal issue tracking.
- AST-18946: Print option not available in Android Content app for pdf file uploaded in UEM Console.
Known Issues
We have not identified any notable known issues in this release. If you are facing any problems, feel free to reach out to our support team.
Original source - May 11, 2026
- Date parsed from source:May 11, 2026
- First seen by Releasebot:May 11, 2026
VDI (Real-Time DX)
ControlUp releases broad monitoring and management updates across its product line, adding new Citrix and Horizon insights, cloud connection and session metrics, browser performance monitoring, agent and script enhancements, and improved trigger, alerting, and web UI experiences.
Release Notes for all your ControlUp products - find out what's new here!
9.2
New Features
Citrix VDA Registration State Monitoring
What It Does
Citrix User Connection Failure Monitoring
What It Does
Citrix Black Hole Monitoring
Windows Process Relationship Monitoring
Published App Statistics Report
New Citrix Reports
New ControlUp Agent Version Metric
New Version-Specific Presets
Customize Script-Based Action (SBA) Logon Types
Improved XenServer Secure Connectivity
Trigger & Alerting Across All Features
Streamlined Experience: Moving Features to DEX
Session Activity Report Enhancements
Citrix License Activation Service Support (available from build 711)
What’s New:
Licensing Management
Incident Management
Monitoring and Remediation Settings (Implemented for versions 9.1.5 and higher)
Bug Fixes
Real-Time DX (build 711)
Web Interface (build 711)
Real-Time DX (build 622)
Web Interface (build 622)
Real-Time DX (build 600)
Web Interface (build 596)
Real-Time DX (build 507)
Web Interface (build 507)
Real-Time DX (build 432)
Web Interface (build 432)
9.1.5
New features
New Citrix Session Startup Metrics
Omnissa Horizon Migration to REST API
Breakdown Citrix Cloud Connections
Performance Improvements in the Web UI
Bug Fixes
Real-Time DX
Web Interface
Known Issues
9.1
New features
Monitor Independent Sites
Shared Credentials
Cloud Connection Enhancements
Breakdown Azure Cloud Connections
Breakdown Citrix Cloud Connections (available from build 9.1.0.807)
New Reconnect Metrics (available from build 9.1.0.807)
Two New Metrics in Citrix Connection Failure Log Table (available from build 9.1.0.807)
Built-In Sync Script Enhancements
Sync DNS mappings
Improved Query Performance
Deprecation of Export Schedules and PowerShell cmdlets
Deploy Agents Automatically from Monitor
Enhanced Citrix Connection Troubleshooting
New PowerShell Cmdlets
Manage Cloud Connections Cmdlets
Breakdown Cloud Connections Cmdlets
Manage Sites Cmdlets
Environment Configuration Cmdlet
Bug Fixes
Real-Time DX (build 807)
Real-Time DX (build 751)
Real-Time DX (build 711)
Real-Time DX (build 693)
Real-Time DX (build 685)
Real-Time DX (build 661)
Real-Time DX (build 654)
Web Interface (build 654)
Real-Time DX (build 642)
Web Interface (build 642)
Real-Time DX (build 625)
Real-Time DX (build 615)
Real-Time DX (build 610)
Real-Time DX (build 597)
Web Interface (build 594)
Known Issues
9.0.5
New features
Web Login
Trigger Management with PowerShell cmdlets
Browser Performance Monitoring
Citrix EDT Monitoring
Add Non-Domain Machines to ControlUp
Bug fixes
Known issues
9.0
New Prerequisites
ControlUp Agents
Network Requirements
Agent Outbound Communication
Benefits
Note
Monitor Metrics and Actions
Note
Removed AD Dependency for Monitors
Install Monitors with New Automation Module
Built-In Folder Synchronization
New PowerShell Cmdlets
Monitor Cmdlets
Security Policy Cmdlets
API Profile Management
Horizon Management
Remote Control
Installation
FSLogix
Azure
Citrix
Bug Fixes
Real-Time DX (current build 1680)
Real-Time DX (build 1616)
Real-Time DX (build 1470)
Web Interface (current build 1567)
Web Interface (build 8.7.0.737)
Known Issues
8.8 Maintenance Release
New Features and Enhancements
Real-Time DX
Solve
Bug Fixes
Real-Time DX (992 build)
Real-Time DX (1012 build)
Real-Time DX (1021 build)
Real-Time DX (1067 build)
Solve
Remote DX
Known Issues
Real-Time DX
Solve
Remote DX
Original source - May 7, 2026
- Date parsed from source:May 7, 2026
- First seen by Releasebot:May 12, 2026
Workflows Overview and Features
ControlUp introduces Workflows, a low-code automation app for IT teams that streamlines operational tasks with visual workflow building, integrations, triggers, functions and AI, forms, version control, and ready-made templates for service desk automation.
ControlUp Workflows is an automation app designed for IT teams to streamline operational tasks. It provides a visual, low-code interface for creating, managing, and monitoring automated workflows that integrate with various IT systems. In addition to core workflow capabilities, it includes features such as Workflow Integrations, Create a Flow, Trigger Types, Functions & AI, Forms, Flow Version Control, and Use Templates. These features enable IT teams to automate sequences, select trigger types, add logical operations and AI commands, deploy structured forms, manage flow versions, and utilize pre-designed templates for common IT and service desk automation tasks.
Original source - May 6, 2026
- Date parsed from source:May 6, 2026
- First seen by Releasebot:May 6, 2026
Factory Sensor Kits May 2026
SysTrack releases a May 2026 sensor update with new sensors for applications, AI tool usage, Defender for Endpoint service stoppage, and Citrix session reliability, plus fixes for low Wi‑Fi signal detection and improved BitLocker trigger handling.
Sensor Update
May 2026
Sensor Name Category Details of Update Software Change Applications New sensor. Desktop - Session Reliability Issues Citrix Fixed - The sensor properly triggers when System Event IDs 1005, 1006, or 1007 from source TdIca are reported 3 or more times within 60 seconds. (16073) SMS Agent Host Service Disabled Management Changed - The sensor has been renamed to SCCM Agent Disabled. Low Wifi Signal Strength Network Fixed - Updated expressions to properly handle Mac Wi‑Fi adapters. (16456) AI Tool Usage Detected Security New sensor. BitLocker Protection Status Security Changed - The sensor checks that the system has been running for a minimum uptime before triggering. Uptime is now defined by a configurable variable, with a default value of 30 minutes, helping prevent false triggers during startup. Defender for Endpoint Service Stopped Security New sensor. Original source - May 5, 2026
- Date parsed from source:May 5, 2026
- First seen by Releasebot:May 6, 2026
Omnissa Workspace ONE UEM Release Notes
Omnissa releases Workspace ONE UEM 2506 with broad updates across Android, Apple, Windows, Linux, tvOS, visionOS, and more, adding stronger certificate and device security, richer workflows and troubleshooting, faster app delivery, and new management options for shared devices and enrollment.
We’re excited to share the new release of Workspace ONE UEM version 2506! Read on to learn about the new features and improvements in this release.
Urgent Notification regarding legacy Domain End of Service
As part of the migration from legacy VMware-owned domains to Omnissa-owned domains, customers’ network and security teams must make firewall changes to allow access to the new Omnissa-owned domains by June 15th, 2025, to prepare and not block the new Omnissa domain network requests in upcoming product and service updates. This also impacts any API driven tasks or automation tasks created. Please see KB6000840 for more information.
What’s New in this Release
Android Management
Experience seamless single sign-in and sign-out with Microsoft Entra for shared Android devices
You now have the advantage of a smooth single sign-in and sign-out process for applications that support the Microsoft Authentication Library (MSAL) on shared Android devices using the Workspace ONE Launcher. This feature supports first-party Microsoft applications such as Teams and any third-party applications that integrate MSAL and support Microsoft’s Shared Device Mode.
To use this feature, organizations must configure devices to use Check-in/Check-out (CICO) with Workspace ONE Launcher. Users authenticate with Microsoft Entra to check out the shared device. Users only need to launch supported MSAL-enabled apps to start using them. When users log out of Workspace ONE Launcher, they are automatically signed out of these applications. Additionally, this feature provides an alternative to the Workspace ONE Mobile SSO for organizations that cannot federate Microsoft Entra with Workspace ONE Access or cannot use Workspace ONE Tunnel as their VPN client.
Remotely deliver certificates to your device using SCEP payload
A new SCEP payload is now available in Android Custom DPC profiles. Push this profile to enable the remote delivery of certificates to your device from your certificate authority using the SCEP protocol. The Intelligent Hub obtains an SCEP challenge from Workspace ONE UEM, securely generates a private key on the device, and acquires the certificate from your certificate authority. The Hub then adds the certificate to the Android Keystore, where other applications on the device can access it. Silently granting applications access to these certificates is supported. Workspace ONE UEM currently does not support the use of the SCEP payload for configuring Wi-Fi with certificate-based authentication.
Configure Access Point Names (APNs) for work managed Android devices
A new Access Point Name (APN) payload is now available in Android Custom DPC profiles. Push this profile to remotely add APNs for mobile networks to Android devices. Additionally, you have the option to mandate that your Work Managed devices utilize only managed APN settings. This allows organizations to easily deploy private APNs to better secure access to corporate resources over mobile networks. This is supported on Android 9.0 and higher that are enrolled in Work Managed mode.
Android Management Mode Filter for Smart Groups
You can now create Smart Groups that capture Android devices with a specific Android Management Type (Custom DPC vs AMAPI) and Android Management Mode (Work Profile, Work Managed, or COPE).
Note: This feature is available on demand in Workspace ONE UEM 2506. Please contact your Omnissa representative or submit a support request to enable this functionality. This feature will be generally available in Workspace ONE UEM 2509.
Certificate Management
Integrate OID-SID and SAN into certificate templates
To meet the updated certificate requirements, we have enhanced certificate templates within Workspace ONE UEM to include OID-SID Extension and support for SID values in the SAN field.
- When assigning a certificate to a user in Active Directory (AD), it is essential to format the certificate entry using one of the strong formats.
- Ensure that the Security Identifier (SID) is selected in the Active Directory Certificate Services (ADCS) certificate template. The Certificate Signing Request (CSR) must contain the OID-SID key-value pair and this extension is present in the generated certificates.
- Alternatively, the same value can be submitted in the SAN field and is the primary implementation for SCEP-based certificates.
For more information, see Certificate-based authentication changes on Windows domain controllers.
Integrate DigiCert ONE with Workspace ONE UEM for enhanced security
Workspace ONE administrators can now set DigiCert ONE as a trusted certificate authority within UEM. Following this, they can create a certificate template and utilize the profile’s credential payload to issue and deploy certificates. This integration significantly enhances stability, security, and authentication, facilitating the effective use of certificates across various domains, including Public Key Infrastructure (PKI) and S/MIME.
Freestyle Orchestrator
Streamline onboarding entitlements in workflows
Onboarding entitlements within workflows allow administrators to prioritize resources essential for onboarding, which take precedence over other resource assignments. This is available only for Windows. For more information, see Onboarding Workflows.
Enhance device onboarding through offline domain join within workflows
You can now incorporate the domain joining process into workflow systems, enhancing the onboarding process for devices and allowing devices to join a domain before other resources are deployed. This is available only for Windows. For more information, see Offline Domain Join in Workflows.
In-line Sensor evaluation: A better way to use Sensors within workflows
Sensors are now assessed at their step within the workflow rather than at the beginning of workflow execution. This approach enables administrators to monitor sensor values within the workflow as needed instead of re-using the value stored from evaluations done prior to the start of execution.
Enhanced reporting for application deployments within Freestyle Orchestrator
Gain better visibility into application deployment outcomes with improved reporting capabilities for Windows devices. When app deployments are triggered from Freestyle workflows, you’ll now receive detailed status updates, clear failure reasons, and timestamp enrichments.
Workflow Engine Enhancements
The workflow engine has undergone a significant backend enhancement with an upgrade to .NET 8.
iOS Management
Enhance device security with Managed Device Attestation
Managed Device Attestation is available for devices running iOS 16, iPadOS 16.1 or later with Apple Silicon or A11 Bionic chip or newer. This feature offers robust verification of the device’s properties, which are essential for trust evaluation. This cryptographic declaration of device properties is based on the security of the Secure Enclave and the Apple’s attestation servers. By leveraging attributes such as Serial Number, UDID, and OS version, Managed Device Attestation enhances trust evaluations for devices enrolled through Automated Device Enrollment or profile-based device enrollment. For more information, see Managed Device Attestation.
This feature is Generally Available from 2506 Patch 1.
After device wipe, return to service easily with automated reprovisioning process
With this exciting new feature, organizations can easily wipe all user data from a managed iOS device and get the device back into service without needing administrators to physically handle it. Workspace ONE UEM supports Return to Service functionality for iOS 17 devices, allowing MDM to add an enrollment and Wi-Fi profile to the device wipe command. This automated process eliminates the need for manual Wi-Fi configuration by administrators post-Device Wipe. For more information, see Return to Service.
Easily release a device from Apple Business Manager and Workspace ONE UEM
You can release corporate iPhones and MacBooks from Apple Business Manager or Apple School Manager if they’ve been sold, lost, are beyond repair, or when an employee moves on from your organization. With Workspace ONE UEM, you can now release devices using the Enterprise Wipe, Device Wipe, and Delete Device actions. By default, this capability is only available to administrators with the System Administrator role, with plans to extend access to Console Administrator and AirWatch Administrator roles in the near future. For more information, see Release a Device.
Enhance Apple Books delivery with Modern SaaS Architecture
The delivery of Apple Books (internal and public, not VPP books) now leverages our Modern SaaS Architecture to significantly improve delivery performance. Read more about our new architecture here.
Apple GitHub integration for DDM configurations is now available
Declarative Configurations was in limited rollout in 2410 release and is now Generally Available from 2506 Patch 3. Declarative Configurations now integrate directly with Apple’s GitHub-hosted MDM developer documentation. This integration streamlines how we implement and update DDM configurations, enabling significantly faster development cycles and improved alignment with Apple’s latest specifications. To explore Declarative Configurations in Apple’s GitHub MDM documentation, visit the GitHub Device Management repository.
The following new DDM configurations have been added with 2506 patch 3:
- Software Update: Settings
- Math Settings
Launcher
Custom XML Settings Integrated into the Console
Some settings introduced to Workspace ONE Launcher can only be configured through XML pushed through the Custom Settings profile. We have configured these settings as native features or settings in the Launcher profile payload.
The following features have been integrated into the Launcher profile:
- Speed Lock
- Dynamic App Availability
- Show Logout Button from Guest Mode
- Require Tunnel before Launcher
For more information, see Workspace ONE Launcher product documentation.
Linux Management
Easily implement firewall rules on Linux devices
In addition to the recent profile releases, including Date/Time, Proxies, Passcode, and Restrictions, we are excited to introduce support for a Linux Firewall Profile. This new profile allows users to configure firewall rules that will be enforced on the device once assigned and deployed. For more information on profiles, see Linux Profiles.
Enhancements to Workspace ONE Sensors
To provide greater flexibility and choice, administrators now have the option to write Workspace ONE Sensors using Python 3, in addition to the existing option of using Bash. For more information, see Sensors for Linux Based Devices.
macOS Management
Enhance device security with Managed Device Attestation
Managed Device Attestation is available for devices running macOS 14 or later with Apple Silicon or A11 Bionic chip or newer. This feature offers robust verification of the device’s properties, which are essential for trust evaluation. This cryptographic declaration of device properties is based on the security of the Secure Enclave and Apple’s attestation servers. By leveraging attributes such as Serial Number, UDID, and OS version, Managed Device Attestation enhances trust evaluations for devices enrolled through Automated Device Enrollment or profile-based device enrollment. For more information, see Managed Device Attestation.
This feature is Generally Available from 2506 Patch 1.
Easily release a device from Apple Business Manager and Workspace ONE UEM
You can release corporate iPhones and MacBooks from Apple Business Manager or Apple School Manager if they’ve been sold, lost, are beyond repair, or when an employee moves on from your organization. With Workspace ONE UEM, you can now release devices using the Enterprise Wipe, Device Wipe, and Delete Device actions. By default, this capability is only available to administrators with the System Administrator role, with plans to extend access to Console Administrator and AirWatch Administrator roles in the near future. For more information, see Release a Device.
Apple GitHub integration for DDM configurations is now available
Declarative Configurations was in limited rollout in 2410 release and is now Generally Available from 2506 Patch 3. Declarative Configurations now integrate directly with Apple’s GitHub-hosted MDM developer documentation. This integration streamlines how we implement and update DDM configurations, enabling significantly faster development cycles and improved alignment with Apple’s latest specifications. To explore Declarative Configurations in Apple’s GitHub MDM documentation, visit the GitHub Device Management repository.
The following new DDM configurations have been added with 2506 patch 3:
- Account: CalDav
- Account: CardDav
- Account: LDAP
- Account: Mail
- Account: Subscribed Calendar
- Math Settings
- Screensharing: Connection
- Screensharing: Host Settings
- Disk Management: Settings
- Software Update: Settings
Resource Management
Pending Actions visible for troubleshooting
When troubleshooting device issues, you now have the advantage of accessing Pending Actions. This feature provides a comprehensive list of planned resource installation and uninstallation commands for Apps, Profiles and Workflows on a device the next time it checks in. To view a device’s Pending Actions, go to Device Details, navigate to More > Troubleshooting, and then select the newly added Pending Actions tab.
Installation metrics now retained upon Resource and Smart group updates
When assignment or payload updates are made to apps and profiles, or when their assigned Smart groups are modified and republished, installation metrics achieved so far will now be retained and remain visible on the Deployment Tracking page as Currently assigned. It denotes all devices having a confirmed assignment to an app or profile at any given time. This enhancement is currently being rolled out on a Limited Availability basis starting with Patch 16. If you are interested in an early access, get in touch with your account team.
Faster resource delivery for larger device populations
Faster resource delivery is now supported for a larger device population when apps and profiles are published. This type of delivery is initiated whenever new apps or profiles are published, assignments for existing ones are updated, profile payloads are modified, or Smart Group rules change if the number of devices impacted by such updates is below a defined threshold. Devices impacted by these updates will check in immediately and install or remove the necessary resources instead of waiting for the standard check-in cycle. This enhancement is being rolled out on Limited Availability starting 2506 Patch 12. Contact your Account Team if you would like to participate in the Limited Rollout or have any questions regarding this enhancement.
Rugged Device Management
Relay Server Management enhanced with V2 APIs
As part of our continuous efforts to streamline and expand product provisioning, we are launching Relay Server V2 APIs. These are UUID-based endpoints supporting basic CRUD operations, advanced search(by name, type, status etc.), and a test connection API to verify relay server connectivity. The V2 APIs enable secure, fully automated, end-to-end management of relay servers. For more information, refer to the ‘RelayServersV2’ section of API help page.
tvOS Management
After device wipe, return to service easily with automated reprovisioning process
Workspace ONE UEM supports Return to Service functionality for tvOS 18 devices, allowing MDM to add an enrollment and Wi-Fi profile to the device wipe command. This automated process eliminates the need for manual Wi-Fi configuration by administrators post-Device Wipe. For more information, see Return to Service.
User Management
Streamline user group management using the latest REST APIs
A new set of REST APIs is now available to simplify group management. These APIs provide functionalities including creating user groups, updating their properties, and performing actions such as synchronization and merging, and deleting unwanted groups.
Directory Services migration to Omnissa Identity Service
With this Limited Availability feature, you can now integrate with the Omnissa Identity Service to migrate Directory Services from on-premises Active Directory (LDAP) to Entra ID (SCIM 2.0). The Omnissa Identity Service provides a seamless transition to Entra ID for user provisioning and authentication through a guided migration wizard. This is designed for users who are synced to UEM through LDAP-based integration with Active Directory.
visionOS Management
Overview of recently added profiles for visionOS
The following visionOS profiles have been introduced to the Workspace ONE Console UI. For more information, see visionOS Profiles.
- AirPrint
- CardDAV
- Certificate Transparency
- DNS Proxy
- Domains
- Global HTTP Proxy
- Passcode
- Subscribed Calendars
- VPN
Windows Management
Launch native and App Volumes MSI apps directly from Intelligent Hub for Windows
With this enhanced app catalog functionality, you can now launch native applications and App Volumes MSI apps directly from the Intelligent Hub app catalog in addition to the existing ability to launch Web and Horizon apps.
The key new features are as follows:
- App Launch Support: Native apps and App Volumes MSI apps can now be launched from within the Hub catalog.
- Admin Control: IT administrators can define custom launch commands for all applications in the app configuration within Workspace ONE UEM.
- Improved User Experience: You no longer need to manually locate and open native apps post-installation; you can now launch them directly from the Hub interface.
Previously, users could install native applications through the Intelligent Hub, but launching them directly was not possible. Now, with launch commands configured in UEM, the Hub executes the command defined by the user, providing a seamless experience to both install and launch apps from a single interface. This enhancement simplifies app access and enhances productivity by reducing the number of steps required to open frequently used apps. For more information, see Installing Native Apps.
Default User Mode configuration during Windows device enrollment
Workspace ONE UEM now supports configuring the default user mode (Single User Mode or Multi User Mode) at the Organization Group (OG) level. This setting is automatically applied to Windows devices during enrollment through the Intelligent Hub client.
- Configuration in UEM console (Requires UEM version 2506 or later): Administrators can define the default user mode in the UEM console under the OG settings. The available options include:
- Single User Mode
- Multi User Mode
- Hub behavior during enrollment (Requires Hub version 24.10.10+ or 25.06.x):
- During the enrollment process, the Windows Intelligent Hub queries the UEM console for the default user mode setting.
- The retrieved mode is validated and stored locally by the Hub.
- Based on the setting, the Hub configures the Windows device accordingly.
Manage Intelligent Hub application versions on Windows devices
The Technical Preview feature, Intelligent Hub Application Version Control allows administrators to manage precise control over version of the Intelligent Hub is installed on Windows devices, supporting both Win32 and ARM platforms. You can now deploy Intelligent Hub updates independently of Workspace ONE UEM console upgrades and gain direct access to Beta builds without manual download or upload steps. Unified version control is available for both Intel/AMD (Win32) and ARM-based Windows devices.
Once enabled, the setting Intelligent Hub Automatic Updates will be renamed to Use Intelligent Hub Version Control, and a new section for Intelligent Hub Target Seeding will allow version assignment at the Organizational Group level. The key capabilities include:
- You can now assign specific versions to production OG to ensure consistency, while using the latest GA or Beta version in a test OG for validation.
- Instant application of changes to newly enrolled devices (including OOBE and Autopilot) with existing devices auto-updating within 48 hours.
- Downgrades are not supported for devices already running newer versions.
If Intelligent Hub Automatic Updates were previously enabled, the new setting defaults to Latest available. In contrast, if automatic updates were deactivated, the new version control setting will also remain in a disabled state.
Note: This feature requires Workspace ONE UEM version 2506 or later.
Faster SFD delivery and installation through the Intelligent Hub
Workspace ONE now supports a faster and more efficient installation of the Software Distribution Framework (SFD) by shifting the process from the traditional OMA-DM channel to a Hub-based installation. With this enhancement, SFD is bundled with Hub and is installed immediately after enrollment, enabling earlier application deployment and improving overall device readiness. We’ve made the following improvements:
- SFD is now installed through the Intelligent Hub, independent of the OMA-DM workflow.
- Installation occurs immediately after enrollment as the SFD package is part of the Intelligent Hub, reducing delays in the provisioning process.
- Applications can start installing sooner, accelerating time-to-productivity.
- Devices reach a usable state faster, enhancing the end-user experience.
Note: This feature requires Workspace ONE UEM version 2506 or later and Hub version 25.06.x.
Enhanced Offline Domain Join (ODJ) configuration
The Offline Domain Join (ODJ) configuration process has been significantly enhanced to improve reliability and flexibility, particularly in Autopilot Hybrid Join scenarios. Configuring Offline Domain Join is no longer tied to the device enrollment process. It can now be applied at any time, significantly reducing the risk of failures caused by race conditions or timeouts during Autopilot enrollments. With this update, ODJ can also be configured as a step within the Freestyle workflows, especially the new Onboarding workflows introduced recently, enabling IT teams to properly sequence and stage devices before they reach end users. This ensures a smoother onboarding experience and more consistent device readiness. For more information, see Offline Domain Join in Workflows.
Administrators can now deploy ODJ even after a device has been moved to a different Organizational Group (OG), including child OGs. Additionally, to maintain naming consistency, a device’s computer name will only change if it is not already joined to a domain.
Note: This feature requires Workspace ONE UEM version 2506 or later and Hub version 25.06.x.
Improvements in logging and troubleshooting
This release introduces several powerful enhancements to improve visibility, streamline troubleshooting, and reduce time-to-resolution for both end users and administrators.
- Log submission from Intelligent Hub: Users can now send logs directly to Workspace ONE UEM from the Hub Support tab, with two new options added alongside the existing Collect Logs feature:
- Send Hub Logs to UEM: Automatically uploads all Intelligent Hub-related logs to the UEM console. Logs are accessible under Device Details > Attachments > Documents.
- Send Other Logs to UEM: Sends logs from DEEM, Workspace ONE Assist, and Workspace ONE Tunnel to the same location in the UEM console. Users receive a confirmation once the log upload is complete, improving transparency and support efficiency.
- Application deployment event logging: To enhance visibility into application deployment, Intelligent Hub now sends detailed application deployment event summaries to the UEM console under Device Details > Troubleshooting > Event Logs. These event logs include data on detection statuses, Pre-condition checks, Exit codes and more helping administrators quickly identify the causes of application installation and uninstallation failures.
- Filter logs by duration and component: Administrators can now filter collected logs based on timeframe and log source, making it easier to isolate relevant data during troubleshooting.
- Timeframe Filters: All logs, or logs from the last 1, 3, 7, or 14 days.
- Component Filters: Hub (Logs from Intelligent Hub, App Deployment Agent, Provisioning Agent, Factory Provisioning, and MDM), System (Windows and PCRefresh logs), Other (Logs from Assist, DEEM Telemetry Agent, and Workspace ONE Tunnel).
Note: This feature requires Workspace ONE UEM version 2506 or later and Hub version 25.06.x.
Enhanced processor architecture selection for app deployment
This new feature provides administrators with granular control over app distribution based on processor architecture. Previously, administrators could only select one option among 32-bit, 64-bit, and ARM64 as the ‘Supported Processor Architecture’ during app deployment. UEM will then determine the distribution to device architectures in the backend, limiting flexibility. Key capabilities include:
- Multi-Selection Option: Administrators can now select multiple processor architectures during app deployment. The available options include 32-bit, 64-bit, ARM32, and ARM64.
- Granular Control: This enhancement allows for more precise control over app distribution. For example,
- Distribute a 32-bit app ‘X’ to devices with 32-bit and 64-bit architectures only, excluding ARM64.
- Distribute a 64-bit app ‘Y’ to devices with 64-bit and ARM64 architectures, utilizing x64 emulation for compatibility.
Note: This feature requires Workspace ONE UEM version 2506 or later and Hub version 25.06.x.
Support for Administrative Template (ADMX) with profiles
With this Technical Preview feature, Workspace ONE UEM now supports Administrative Template (ADMX), providing a unified and scalable way to manage Windows policies across the device fleet. With this feature, you can manage all administrative templates for Windows 10, Windows 11, and Windows Server directly from the UEM console. You are provided with Pre-Uploaded ADMX templates for common applications, including those for Microsoft Office, Omnissa Horizon, Google Chrome, Mozilla Firefox, and more.
Note: Reapplying baselines will reset policies applied though the ADMX profiles. The capability for Baselines and ADMX profiles to coexist seamlessly will be introduced when this feature becomes Generally Available. If you currently have baselines configured, refrain from using this feature.
Windows Native Enrollment: Auto-Move Devices to Specified OG via Allowlist
Administrators can now assign a target Organisation Group (OG) while creating allowlist records for Windows devices. Upon enrollment, devices automatically move to the specified OG, streamlining device management without requiring prior user association. This feature is in Limited Availability for Windows Native enrollment (Out of Box Enrollment / OOBE and Autopilot). To enable this feature, reach out to your account team.
Original source - May 4, 2026
- Date parsed from source:May 4, 2026
- First seen by Releasebot:May 5, 2026
Omnissa Workspace ONE Content Gateway Container Release Notes
Omnissa releases the first Workspace ONE Content Gateway Container 2601, adding a new independent containerized deployment option for Content Gateway with Omnissa dux. Administrators can now manage it separately from Unified Access Gateway for more flexible and scalable architecture.
We are excited to share the first release of Workspace ONE Content Gateway Container version 2601! Read on to learn about learn about the new option to deploy Content Gateway independently.
What’s New
Starting with 2601, Content Gateway can be deployed as a containerized, independent service using Omnissa dux. Administrators can deploy and manage Content Gateway separately from Unified Access Gateway, enabling flexible and scalable architecture options for their environments.
Note
This release only introduces an additional deployment option for Content Gateway using containerized deployment with dux. The Content Gateway package remains functionally identical to the Content Gateway bundled with Unified Access Gateway 25.12.
Minimum Requirements
- Workspace ONE UEM Console 2410 or later
- Omnissa dux 3.1
Download Instructions
You can download the Content Gateway Container software from Customer Connect.
Product Documentation
Omnissa dux
Content Gateway Guide
Support Contact Information
To receive support, either submit a ticket through the Customer Connect portal or call your local support line. See Omnissa Support Phone Numbers (6000004) and Omnissa Customer Connect FAQs.
Original source - May 3, 2026
- Date parsed from source:May 3, 2026
- First seen by Releasebot:May 5, 2026
Omnissa App Volumes 2512
Omnissa App Volumes adds major Windows endpoint management with full application lifecycle support, background delivery notifications, cleaner capture checks, Nutanix on-demand app support, and configurable log levels. It also includes multiple fixes and later 2512.4 stability updates.
Omnissa App Volumes 2512 | December 16 2025 | Build 4.20.0.109
Omnissa App Volumes 2512.4 | March 11 2026 | Build 4.20.4.128
Check for additions and updates to these release notes.
Omnissa App Volumes is a real-time application delivery system that enterprises can use to dynamically deliver and manage applications.
Omnissa App Volumes Release Notes lists New Features, resolved Issues and Known Issues for this release.
Urgent Notification regarding legacy Domain End of Service
As part of the migration from legacy VMware owned domains to Omnissa owned domains, customers' network and security teams must make firewall changes to allow access to the new Omnissa owned domains by June 15th, 2025, to prepare and not block the new Omnissa domain network requests in upcoming product and service updates. This also impacts any API driven tasks or automation tasks created. Please see KB article
What’s New
- General Availability: App Volumes Manager for Windows Endpoints
App Volumes Manager now provides full Application Lifecycle Management (ALM) for physical Windows endpoints, unifying packaging, delivery, rollback, markers, and version governance across both physical and virtual environments.
General Availability for Windows endpoints includes the following:
VHD + MSI in App Volumes Manager, enabling consistent capture, replication across file shares and compressed delivery across endpoints.
Local copy mode in the App Volumes Agent, ensuring reliable application delivery to physical devices while maintaining the App Volumes packaging and lifecycle model.
This release significantly expands the Apps Everywhere strategy, giving organizations a single platform to manage their entire Windows application portfolio.
Note:
Advanced lifecycle capabilities for physical endpoints require the Omnissa Apps Essentials license.
The VHD+MSI capability (and the related functionality such as Local Copy mode) requires App Volumes Manager to be configured with VHD In-Guest as machine manager. If your existing App Volumes Manager instance is configured with vCenter Server, you cannot perform an in-place upgrade and change the machine manager configuration to VHD In-guest.
Instead, you must install a new App Volumes Manager instance and configure the machine manager as VHD In-Guest.
App Volumes Agent Message for Background Package Delivery
When newly assigned application packages begin downloading, the App Volumes agent now displays a lightweight notification indicating that applications are being prepared in the background. This notification improves clarity during app delivery, reduces user confusion, and helps prevent unnecessary help-desk tickets while allowing users to continue working uninterrupted.
- Windows Update Detection Before Application Capture
App Volumes now checks whether Windows Update is enabled before application capture begins. If active, the administrator is alerted, preventing Windows Update artifacts from being included in the package. This results in cleaner, more predictable packages by avoiding OS-layer file contamination, metadata bloat, and version drift across Windows builds.
- Published Apps on Demand for Nutanix
App Volumes now supports Apps on Demand for Horizon deployments running on Nutanix. Applications can be assigned dynamically and launched instantly without pre-provisioning, improving resource efficiency and enhancing the published application experience in Nutanix environments.
- Configurable App Volumes Manager Log Levels
Administrators can now adjust App Volumes Manager logging levels without restarting services. This streamlines troubleshooting, reduces operational overhead, and maintains continuous service availability.
Resolved Issues for App Volumes 2512
The number included after each resolved issue is used by the internal issue tracking system:
[AVM-45428] Applications with missing App Links do not get synchronized to the target App Volumes instance even after the Sync Integrations background job runs multiple times. The application status for these applications is either Syncing App Links or Syncing Properties.
[AVM-45130] Applications with VHD+MSI packages are not delivered to Windows endpoints which are configured in the Shared Storage package access mode.
However, these applications are delivered correctly to Windows endpoints which are configured in the Local Copy package access mode.
[AVA-27205] Multiple shortcuts of an application having the same name are not displayed in the Start menu when the application is delivered as on-demand.
[AVA-27166] When icon index is more than the number of RT_GROUP_ICON resources, App Volumes agent fails to extract the application shortcut icon. As a result, the application when delivered on demand has blank shortcuts.
Note: When the application is launched for the first time, the application shortcut icon is correctly displayed.
[AVA-27071] End user experiences a delay when logging in or logging out of a Windows endpoint which has no network connection. The action eventually succeeds but there is a delay of approximately 5 minutes and the following message is displayed: Please wait for the svservice.
This issue occurs when the Windows endpoint is configured either in the Local Copy package access mode or the Standalone mode. For more information about these modes, see the Choose Your App Volumes Deployment Model and Application Delivery Modes with App Volumes Manager sections in the App Volumes Install Guide at Omnissa Product Documentation.
[AVA-26981] App Volumes applications using a local database and having intensive file open or file close operations might fail to run.
[AVA-26750] The following error You cannot call a method on a null-valued expression is observed multiple times in the command prompt when the support.bat loglevels command is used. This issue occurs when only the App Volumes agent is installed in a virtual machine and not the Horizon agent.
[AVA-25639] A file access or access denied error occurs when running a database-related application.
Resolved Issues for App Volumes 2512.4
[AVM-46052] “A ConnectionTimeoutError: Could not obtain a connection from the pool within… all pooled connections were in use” might occur due to a database connection leak when a large number of ESXi hosts are used for direct mounting of App Volumes packages.
Direct mounting occurs when a vCenter Server is configured as the machine manager with the Mount ESXi option enabled, or when an ESXi (Single Host) is configured as the machine manager. This issue is more likely when the number of ESXi hosts are high.
[AVM-45808] An end user cannot log into any virtual machine if their VHD Writable Volume stays attached after a virtual machine crashes.
In VHD In-guest mode if a Writable Volume is attached and the VM crashes, the following might happen: If a Writable Volume is in use during the failure, the file share might not release the file handle from the crashed virtual machine. As a result, the user is prevented from using the Writable Volume on other virtual machines. If the Exception Resolution setting of the Writable Volume is configured as Block user login, the user cannot login into other virtual machines.
When the Writable Volume is requested for a user and the unused file handle is released, the Writable Volume attachment is updated in App Volumes. The user can then use the Writable Volume in any virtual machine they log into. Administrators can configure the file share to modify the behavior of unused file handles.
[AVM-45692] The Browse button for selecting a custom location fails to work when installing App Volumes Manager in the custom location (other than the default location). As a result, App Volumes Manager cannot be installed in the custom location.
[AVM-45652] The launch of an on demand published application, which is delivered by App Volumes, fails in Horizon 2512 with the following error message The application could not be launched, possibly because it is missing or misconfigured. Contact your administrator for more information. This issue is seen with App Volumes 2512 and earlier.
[AVA-27442] In some environments like Hyper-V, application capture fails with the following error: virtual disk delete failed: The process cannot access the file because it is being used by another process.
Known Issues
The number included after each known issue is used by the internal issue tracking system:
[AVM-46052] A ConnectionTimeoutError: Could not obtain a connection from the pool within… all pooled connections were in use might occur due to a database connection leak when a large number of ESXi hosts are used for direct mounting of App Volumes packages.
Direct mounting occurs when a vCenter Server is configured as the machine manager with the Mount ESXi option enabled, or when an ESXi (Single Host) is configured as the machine manager. This issue is more likely when the number of ESXi hosts are high.
Workaround: Configure vCenter Server as the machine manager inApp Volumes Manager and ensure that the Mount ESXi option is not enabled.
Resolved: This issue is now fixed in App Volumes 2512.4.
[AVM-45808] An end user cannot log into any virtual machine if their VHD Writable Volume stays attached after a virtual machine crashes.
In VHD In-guest mode if a Writable Volume is attached and the VM crashes, the following might happen:
If a Writable Volume is in use during the failure, the file share might not release the file handle from the crashed virtual machine. As a result, the user is prevented from using the Writable Volume on other virtual machines. If the Exception Resolution setting of the Writable Volume is configured as Block user login, the user cannot login into other virtual machines.
Workaround: The user must log into the same VM to access the Writable Volume. When the user logs out of the virtual machine, the Writable Volume can be used on another virtual machine.
Resolved: This issue is now fixed in App Volumes 2512.4.
[AVM-45692] The Browse button for selecting a custom location fails to work when installing App Volumes Manager in the custom location (other than the default location). As a result, App Volumes Manager cannot be installed in the custom location.
Resolved: This issue is now fixed in App Volumes 2512.4.
[AVM-45652] The launch of an published application on demand, delivered by App Volumes, fails in Horizon 2512 with the following error message The application could not be launched, possibly because it is. This issue is seen with App Volumes 2512 and earlier.
Resolved: This issue is now fixed in App Volumes 2512.4.
[AVM-36787] The following error is logged in App Volumes Manager when session hosts in a host pool are shut down: Session: Request is missing session cookie. In the Azure Virtual Desktop environment, a session cookie is provided only when an end user logs into a computer. If a computer starts and shuts down without any end user logging in, then a session cookie is never set. This results in a 401 (unauthorized) error. This error does not affect the end user.
[AVA-27442] In some environments like Hyper-V, application capture fails with the following error: virtual disk delete failed: The process cannot access the file because it is being used by another process.
Resolved: This issue is now fixed in App Volumes 2512.4.
[AVA-26831] If a packaged application launches many processes quickly, one after another, svservice.log might contain a large number of nearly identical lines related to User Sentiment.
Workaround: None. Ignore these lines in the log file.
[AVA-24547] .tmp files are seen in the install directory when an upgrade rolls back in a persistent machine with active entitlements. These files do not affect any App Volumes operations. By default, these files are automatically deleted after the machine restarts.
Workaround: If they are not deleted due to any issue, then you can navigate to the install directory and manually delete the files.
[AVA-24493] If the CURRENT marker of the application is modified after the user launches the application in a session, RemoteApp launch silently fails in Azure Virtual Desktop.
Workaround: To use the RemoteApp, the end user must log out of the Remote Desktop client app and log back in again.
[AVA-26351] An OS junction point from a native folder that belongs to a banned list to a non-virtualized folder (such as %APPDATA% in configurations that do no use UIA+Profile Writable Volume or a Profile-only Writable Volume) does not work properly. Files written to the junction source do not appear in the junction target.
[AVA-26353] In a multi-session environment, the error associated with the Microsoft Office application is also visible to users who are not assigned this application package. While the application does not behave as expected for the users assigned to this package, the error has no effect on users who are not assigned to the package.
[2791414] When a Writable Volume and FSLogix Office Container are deployed together in a VDI, the FSLogix Office Container VHD is not created on an SMB file share. This issue occurs only when the Cloud Cache feature is enabled.
Workaround: Deactivate the Cloud Cache feature of FSLogix Office Container.
[2624048] Sometimes, the applications that are packaged using App Volumes versions older than 2.18.2 have many redundant firewall rules. These rules can impact the end-user login time on agent computers where the application package is deployed. This issue is fixed in App Volumes 2.18.2 and later.
Workaround: If you are migrating an application package created in an App Volumes version earlier than 2.18.2 with such an issue, repackage the application after migrating to the target version.
[2845852] When a remote printer is defined on a UIA+Profile Writable Volume and the printer is attached to its print server through a USB interface, the printer definition on the Writable Volume might get deleted on the next non-persistent logon.
Workaround: On the system volume, add the following two scripts to %SVAgent%\Config\Custom\uia_plus_profile :
OnPreLoadApp.bat: sc config spooler start= disabled net stop spoolerOnPostEnableApp.bat: sc config spooler start= auto net start spoolerIf you already have the same script names on the Writable Volume, add the spooler commands to the scripts.
When a script is present on a Writable Volume and in the system volume at %SVAgent%\Config\Custom\uia_plus_profile , App Volumes agent runs the script present on the Writable Volume and ignores the script on the system volume. To ensure that the App Volumes agent runs both scripts, you can add the following to the script on the Writable Volume:
if exist "%SVAgent%\Config\Custom\uia_plus_profile\%~nx0"("%SVAgent%\Config\Custom\uia_plus_profile\%~nx0")[2115593] A Writable Volume move or copy operation might fail when bulk operations are performed on many volumes.
Workaround: Retry the move or copy operation.
App Volumes Documentation
- For information about how to install, deploy, and upgrade Omnissa App Volumes see Omnissa App Volumes Installation Guide.
- For information about how to configure and use Omnissa App Volumes see Omnissa App Volumes Administration Guide.
Omnissa App Volumes documentation is available at Omnissa Product Documentation.
Internationalization
App Volumes content is available only in English.
Support Contact Information
To receive support, access Customer Connect.
To file a Support Request in Customer Connect and via Cloud Services Portal, see How to file a Support Request in Customer Connect and via Cloud Services Portal -6000005.
Original source - May 3, 2026
- Date parsed from source:May 3, 2026
- First seen by Releasebot:May 5, 2026
Omnissa Workspace ONE Tunnel Container 26.03
Omnissa Workspace ONE Tunnel Container adds a native ARM64 build, extending support to ARM-based systems alongside x86 and x64 platforms.
Omnissa Workspace ONE Tunnel Tunnel Container Release Notes describe the new features and enhancements in each release. This page contains a summary of the new capabilities, issues that have been resolved, and known issues.
Omnissa Workspace ONE Tunnel Container 26.03
What’s New
New ARM64 build
Introducing a native ARM64 build, enabling support for ARM‑based systems alongside x86 and x64 systems.
Minimum Requirements
Workspace ONE UEM Console 2410 or later
Resolved Issues
We are always working to improve Workspace ONE Tunnel with every release. There are no major bug fixes to report.
Known Issues
We haven’t identified any notable known issues in this release. If you’re facing any problems, feel free to reach out to our support team.
Original source