VoicePlus Blog

AirWatch - Workspace One - Updates - 2105

11 June 2021 by Michael Giffney 0 Comments

To view full release notes with resolved issues and known issues, see 2105 Release Notes.


  • Coming Soon - Deploying Android and tvOS profiles is now faster and easier with the new data-driven user interface.
    We are eager to get the new DDUI feature to you, but we want to make sure to resolve any issues that might affect usability. You can use this feature in the coming weeks as we roll it out. You will notice updates to your user interface when it is available. You can now configure profiles for Android and tvOS platforms using the new data-driven user interface, which includes new payload layouts, search capabilities, and profile summary. This data-driven model also allows new keys and payloads released by Google and Apple to be added to Workspace ONE for admins to deploy much more rapidly. For information specific to Android profiles, see How to Configure Android Profiles and for Apple tvOS profiles, see Apple tvOS Profiles.
  • Maximize your search results with wildcards in the UEM global search.
    You can now use asterisk wildcards in your global searches. For more information, see Global Search.
  • We've added a limit on bulk device deletions.
    To prevent you from accidentally deleting more devices than you intended from your tenant or organization group, we have implemented a limit on bulk device deletions. The new limit (100 devices) is enabled by default and does not require any changes to the system settings.

  • Opt-In or Out of Notifications Regarding Environment Upgrades and Maintenance.
    You can now choose whether or not to receive notifications when your Workspace ONE UEM environment is upgraded or maintained. For more information, see Configure Notifications Settings.

  • Enable or disable Hub Services experience at any child OG level in the OG tree.
    We've implemented Hub integration at the OG levelFor more information, see Configure Enrollment Options on Hub Integration.


  • Are you having trouble accessing Launcher features when your devices are not connected to a network? We've got a solution. Designate your Launcher profile as an offline mode profile.
    Offline mode profiles can now be accessed when the device is offline and allows you to continue your work even when you are unable to log in. For more information, see Configure Launcher Profile.

  • Coming Soon - Introducing Data-Driven Profiles for your Android devices – A faster way to take advantage of the new MDM APIs. 
    You will see several changes within your Android profile configuration with new profile layouts, search capabilities, and summary pages.

    • The Single App Mode profile has been renamed to Lock Task Mode which allows you to lock a single or pre-determined set of apps to the foreground of the device launcher. You can add apps to an allow list and set specific actions such as the use of the Home button or Show Recents with global action.
    • You can now specify if your users can use the autofill feature with their devices. Some apps can fill out the views in other apps with data previously provided by the user. You can enable or disable this feature in the Restrictions profile.
    • The Date/Time profile has been added to allow you to configure the Date and Time settings on Android 9+ Work Managed devices as well as prevent the user from modifying the configuration.
    • Under the Restrictions profile, calendar apps running in the personal profile can now show events from the work profile calendar. There is a new option, Enable cross profile calendar access in the profile that allows you to set this permission. This is available for Android 10 or later devices and requires support by the calendar application to share the calendar data to the system.
  • We now support device-based accounts with Corporate Owned Personally Enabled (COPE) enrollments. ​
    For scenarios where devices are not associated with a specific user, the enrollment settings have been updated to include device-based enrollments. This is useful for single-user staging when devices are enrolled prior to being given to the end-user. If Device-Based is selected, unique device-based accounts are generated on enrollment rather than re-using an existing managed Google account if the user has already enrolled a previous device. For more information, see Android Device Enrollment.
  • Want to make sure your devices are secure? Perform security audits on Corporate Owned Fully Managed Android devices by collecting a Security Log. 
    The security logs report possible security breaches on the device by reporting certain pre and post-boot activity, such as authentication attempts, credential storage modifications, attempted ADB connections, and more. You can customize this request in the Device Details. For more information, see Android Device Management.
    Note: This requires a future version of Workspace ONE Intelligent Hub. 

  • Automatic seeding of Android Manufacturers and Models. 
    Android device manufacturers and models are now added to the console automatically upon enrollment or device sync.  The OEM and models can be used for enrollment restrictions, compliance policies, and the newly introduced Android OEM & Model filter in Smart Groups.

Chrome OS

  • Automatically place devices in the intended Organization Groups.
    Chrome OS devices can now be placed into the expected Organization Groups based on User Group Membership. The UEM Extension for Chrome OS will report the current logged-in user, and the device record is automatically moved into the respective Organization Group.


  • Simplify macOS device provisioning with a new post-enrollment onboarding experience. 
    Keep users informed on the device provisioning process after enrollment completes with the new onboarding experience built into Workspace ONE Intelligent Hub. After enrollment is finished, Intelligent Hub will display a new window, tracking all incoming application installs. Administrators can enable and customize the experience in the UEM Console. For more information, see Enable Post Enrollment Onboarding Settings
  • Streamline enablement of Intelligent Hub on macOS endpoints.
    The existing seeded Privacy Preferences profile for macOS Intelligent Hub now also includes the Notifications payload and System Extensions payload to automatically enable all Intelligent Hub functionality on endpoints without needing to create the profiles yourself.

  • Allow standard users access to privacy permissions on macOS Big Sur
    With new keys in the Privacy Preferences profile, administrators can now enable users with standard permissions on macOS Big Sur to allow video conference tools to Screen Recording and Input Monitoring services.

  • Trigger macOS Sensors based on network
    With the new Network Change trigger, administrators can now configure Sensors to run whenever the device's network status changes.
    For more information, see Create a Sensor for macOS Devices.


  • Ability to support Tunnel Device Traffic Rules for Samba Domains for iOS Platform. 
    You can now add a Rule for Samba Domains in the Tunnel Device Traffic Rules UI. This feature is only supported for the iOS platform. For more information, see Create Device Traffic Rules.


  • Welcome Windows app approvals. 
    If you are using Windows Hub Client version 21.05, you can now provide justification when requesting Windows apps from the Hub Catalog. For more information, see App Approvals

  • Introducing BitLocker To Go Support. 
    Use the Workspace ONE UEM to require the encryption of removable drives on your Windows 10 devices with BitLocker.
    Just select the Enable BitLocker To Go Support check box in your encryption policy. When you enable support, users are prompted for a password, encryption happens and Workspace ONE UEM escrows the recovery key for the drive. 
    Users enter this password every time they access the removable drive on their devices. Find the encryption profile in the console at Devices > Profiles & Resources > Profiles. If users forget their passwords, you can recover the drives using the recovery key stored in the console at  Devices > Profiles & Resources > List View > Removable Storage tab. If you see thousands of recovery IDs, use the available filter functions to find the exact key you need. 
    For details about this support, see Encryption

  • Suspend and resume BitLocker on Windows 10 devices from the console.
    Use the More Actions > Suspend BitLocker or Resume BitLocker menu item in your device records to help your Windows 10 users without permission to control BitLocker. Choose to suspend a device and allow 1-15 reboots to conduct maintenance on a system, or resume BitLocker if it was suspended previously.
    For details about this feature, access Windows Desktop Device Management > More Actions

  • Create a domain join configuration for a Workgroup, and optionally create a local administrator account with Workgroup Join for Windows.
    You can now use and Workspace ONE UEM to join your Windows devices to a Workgroup. For details, access How Do You Deploy Domain Join Configurations for Windows Desktop?.

  • Duplicate baselines and edit the copies without the risk of compromising the original baseline.
    Make duplicate copies of your baseline with the same policies and values and customize them as per your requirement. For more information, see Using Baselines.

  • Keep managed apps on your Windows 10 devices on Enterprise Wipe. 
    Accelerate the process of re-enrollment of your Windows 10 device to a different user. For more information, see Windows Desktop Device Management.

Latest Posts

New call-to-action