Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
3 GA Release Notes
1
Table of Contents
Chapter 1: Mobile Device Management 3
Console Device Management 3
Device Lifecycle and Enrollment 4
Directory Services and User Management 4
Compliance 4
Reporting and Events 5
Privacy 6
Smart Groups 7
Self-Service Portal 8
Telecom 8
Android 9
Windows Desktop 10
Windows Phone 12
Peripheral Device Management 13
2
Chapter 1: Mobile Device Management
Chapter 1:
Mobile Device Management
Console Device Management
l Added industry templates, which are configuration wizards that enable administrators to deploy recommended,
industry-specific applications and policies.
o Configure industry templates with apps and policies chosen for the selected mobility initiative.
o Assign templates to quickly deploy apps and policies to selected end users.
o For more information, see https://support.air-watch.com/articles/98650118-Getting-Started-with-Industry-
Templates-for-iOS.
l Added the ability to quickly select a range of devices spanning several pages on the Device List View screen.
o To perform bulk actions in the past, an administrator had to use the global check box, which resulted in only a
few low impact actions being available due to security constraints.
o Using this new feature, administrators can easily select a larger number of devices and have more actions
available to perform on their devices.
o Select the check box for a device, then while holding Shift, select the check box for the last device to select all
devices in that range. The last selection can span consecutive pages.
o With multiple devices of varying platforms selected, only the actions that are applicable to every device in the
selection are available.
l Increased the maximum character limit for Android push notifications to 1,500 characters to accommodate sending
multiple web clips in a single push notification.
o Requires VMware AirWatch Agent for Android v6.0.
l Added the ability to send URLs through push notifications to Android devices, which become clickable links on the
device.
o Requires VMware AirWatch Agent for Android v6.0.
3
Chapter 1: Mobile Device Management
l Added functionality so that when the option Apply mapping on enrollment only is enabled on the Groups
& Settings > All Settings > Devices & Users > General > Enrollment page on the Grouping tab, post-enrollment user
group-to-organization group mapping does not apply so that devices that have been moved manually are not be
moved back on the next user group sync. Devices will remain enrolled to the same organization group.
l Added logic to automatically re-activate users in the AirWatch Admin Console when they are reactivated in your
directory service.
l Added the ability to integrate your AirWatch directory service with your VMware Identity Manager directory service.
o Navigate to Groups & Settings > All Settings > System > Enterprise Integration > VMware Identity Manager
and select the Configure button to begin.
o After configuring directory integration settings between your AirWatch instance and your Identity Manager
instance, your end users will only need to sign in once using Workspace One and be able to access all of your
organization’s available recommended apps without the need to sign in each time.
Compliance
l Added the ability to use iBeacon area as a compliance policy rule.
o Set actions based on whether devices are within or not within a given iBeacon group.
4
Chapter 1: Mobile Device Management
o Added logic to ignore special characters in the application name for the Device Application Summary and Device
Application Detail reports.
o Updated the Deployed By drop-down for the Device Application Detail report as follows:
n Internal Applications (Managed) – Lists internal uploaded managed apps for selected organization groups.
n Public Applications (Managed) – Lists all public (includes purchased apps) recommended managed apps
uploaded to the AirWatch Admin Console for selected organization groups.
n Public Applications (Unmanaged) – Lists all BYOD apps installed by end users for selected organization
groups.
n All the above (Managed & Unmanaged) – An aggregated list of all three options above.
o Updated the Models drop-down for the Application Compliance report to list only Apple devices (iPod, iPad,
iPhone).
o Note that you may encounter subscription issues for Device Application Detail, Application Compliance, and
Device Application Summary reports as a result of some of the performance improvements. Please recreate
these subscriptions as appropriate.
5
Chapter 1: Mobile Device Management
Privacy
l Added a visual privacy notice for end users of AirWatch applications.
o The new privacy notice helps foster app adoption and adds transparency for end users by explaining what apps
can gather and access.
o You can deploy the privacy notice for iOS and Android devices after device enrollment. You can also include the
notice as part of a device activation email as a lookup value. The privacy notice content is automatically
configured based on the assigned ownership group and device ownership settings.
o Configure privacy notice settings by navigating to Groups & Settings > All Settings > Devices & Users > General
> Privacy and scrolling down to the User Friendly Privacy Notice section.
6
Chapter 1: Mobile Device Management
For more information about the privacy notice, including how to add it as part of a device activation email, refer
to the VMware AirWatch BYOD and Privacy Guide.
l Added a Privacy Officer role for delegated privacy policy management. This role can modify the Privacy resource in
the AirWatch Admin Console, and can grant permission to modify the Privacy resource to other administrators. By
default, all other resources in the AirWatch Admin Console are set to Read-Only for this role.
Smart Groups
l Removed assignment groups with no actions.
o If an administrator does not have access to a certain smart group, organization group, or user group on the
Assignment Groups page, then the group will no longer be displayed. This helps eliminate any confusion about
7
Chapter 1: Mobile Device Management
l Added information about which organization group a selected smart group is managed under during assignment.
l Improved smart group performance during organization group and user group assignment.
o When assigning multiple organization groups and user groups to profiles, apps, and policies, a new algorithm
creates the supporting smart groups in parallel instead of in series, causing the View Device Assignment page to
display quicker.
Self-Service Portal
l Disabled the option for end users to edit their email address if their user account has e-signatures enabled.
o As part of this security enhancement, when DocuSign is enabled, end users cannot edit their email address from
the Self-Service Portal. DocuSign is used to securely sign digital documents, so allowing end users to edit their
email address might give unauthorized users access to sensitive data.
l Added logic to hide the "Locate device" action when privacy settings are restrictive.
o When Privacy settings for Location are set to "Do not collect or display", the "Locate device" action is hidden in
the SSP to reduce confusion.
Telecom
l Added the ability to allow plan creation and assignment at child organization groups. For example, to delegate
telecom management to regional offices.
8
Chapter 1: Mobile Device Management
Android
l Implemented the following enhancements to VMware® AirWatch® Launcher functionality.
o Added the ability to lock a device into a particular orientation (landscape versus portrait).
o Modified how end users can access the device settings when in single app mode. Previously, a permanent
floating access icon let end users access settings. Now, the icon disappears after ten seconds, and end users can
tap the Home button on their device to see it again.
o Added a device info widget, which lets end users long-press on their device to see a widget with battery, time,
and other device details.
o Added default functionality that blocks the native Android multi-user capabilities on Samsung devices.
9
Chapter 1: Mobile Device Management
Windows Desktop
l Added the ability to fetch and store IMEI and SIM information for Windows 10 desktop devices.
o Administrators can use IMEI values for whitelisting certain devices. You can then configure AirWatch so that only
those devices that have been whitelisted (registered) are allowed to enroll.
l Updated the Windows 10 desktop Windows Update payload. To see the new options, navigate to Devices > Profiles
> List View > Add, select Windows > Windows Desktop, then select the Windows Update payload.
o Administrators can set policies on how updates are delivered to end user devices (automatic vs. user-authorized)
and define maintenance windows (preferred time of day) so that updates do not interfere with end user
productivity.
o Configure whether updates for Microsoft or third party products may be installed along with Windows updates.
o Configure whether Windows Insider Builds should be pushed to end users.
o Configure the update branches to control the deployment schedule based on an organization's preferred
approach.
o Configure delivery optimization by using peer-to-peer delivery of Windows 10 updates.
l Added support for the Remote Management Service for Windows Desktop and Windows 7 devices. Administrators
can now remotely manage their Windows Desktop and Windows 7 devices through multiple functions including:
10
Chapter 1: Mobile Device Management
o File manager between the end user device and the administrators device.
o Remotely view and control the end user's screen.
o Control what tasks and applications are running on the device.
11
Chapter 1: Mobile Device Management
Windows Phone
l Added support for Windows 10 Mobile Passport for Work with the new Passport for Work profile.
o Passport for Work is a more secure way of signing into Windows and applications. Instead of using a shared
secret like a password, Passport for Work helps to securely authenticate to applications, websites, and networks
on your behalf without sending a password.
o Use this policy to set PIN strength and allow biometric use.
12
Chapter 1: Mobile Device Management
o This features allows administrators to determine what makes a Windows Phone flag as compromised to better
detect such devices or provide conditional access to only compliant devices.
13
Chapter 2: Rugged Devices
Chapter 2:
Rugged Devices
Product Provisioning and Staging
l Added the ability to define custom attribute rules at a customer organization group for all of its child organization
groups.
o This features lets administrators dynamically assign a managed AirWatch device to a desired organization group.
It is an alternative to IP-based rule assignments that performs the same function.
o After ensuring you are in a customer organization group, navigate to Groups & Settings > All Settings > Devices
& Users > General > Advanced and select Enable Device Assignment Rules.
l Added a test connection features for relay servers. To see this feature, navigate to Devices > Staging & Provisioning
> Relay Servers > Add. On the Console Connection tab, select Test Connection.
14
Chapter 2: Rugged Devices
o This new feature lets administrators test the various FTP server process from the AirWatch Admin Console both
before and after they save the relay server configuration.
o View and export the test log to pinpoint the exact FTP functions that are the root cause of errors and to
determine how best to resolve any issues.
l Updated the Relay Server List View page to help administrators easily monitor the synchronization of files to
configured relay servers and quickly troubleshoot issues.
o This page now displays two status columns: Source Server and Relay Server. These columns let administrators
see the status of files that are transferred among the source server, the AirWatch Admin Console, and the relay
server.
o You can also view the status of individual products and product sets to validate that all files have successfully
transferred to the relay server.
15
Chapter 2: Rugged Devices
l Added the ability to purge job data from the AirWatch Admin Console database.
o You can mitigate performance issues and database crashes by using this new feature, which removes all job data
from the database every 90 days. This is especially useful if you have a large number of devices and thus a large
number of job records.
o This purge includes job logs received from devices as well as job history for devices.
o To set the amount of days the data should store before purging, navigate to Groups & Settings > All Settings >
Admin > Data Purging and select the edit icon for Device Policy Job Purge.
o Updated the Staging & Provisioning navigation menu for a better user experience.
o Added the ability to use unmanaged applications, such as system applications, as assignments criteria for
16
Chapter 2: Rugged Devices
products for Android devices. To see these new rules, navigate to Devices > Staging & Provisioning > Product
List View > Add Product and select your platform. Select Add Rule to create an application assignment rule for
the product.
Windows Rugged
l Added a new GPRS/APN profile that lets administrators configure GRPS settings for cellular data usage for Windows
Rugged devices.
l Added delayed application execution to the Windows Rugged Launcher profile. To see the new setting, navigate to
Devices > Profiles > Add > Windows Rugged > Launcher.
17
Chapter 2: Rugged Devices
o This setting lets administrators specify when and how they want a whitelisted application to launch
(immediately, on valid IP/network connection, after a set number of seconds, or manually).
l Added support for using check in/check out in a fixed organization group, which restricts end users to a single
organization group.
o This means end users only have to enter their username and password when checking out a device.
Android Rugged
l Incorporated the Android staging batch file and instructions into the sideload staging bundle.
18
Chapter 3: Mobile Application Management
Chapter 3:
Mobile Application Management
l Previously, administrators were able to assume management of user-installed applications on iOS 9+ devices on-
demand. Now, you can automatically take over management on the assigned devices for desired applications at any
point in the application deployment cycle.
o For example, if an end-user deletes an application that was MDM-installed and installs it directly from the App
Store, AirWatch will automatically assume management of the application on the device and send any existing
managed application settings, such as app configurations or per-app-vpn settings, along with it.
19
Chapter 4: Mobile Content Management
Chapter 4:
Mobile Content Management
Personal Content Management
l Added support for large file size uploads (up to 8 GB) of personal content to Remote File Storage.
o Only supported for Linux RFS deployments without the Content Gateway.
o You can only upload large files from the SSP and Content Locker Sync clients for PC and Mac.
l Replaced Redis with Hazelcast in RFS architecture. Existing implementations will continue to function as normal, with
the only change occurring if and when you re-install RFS.
o If you currently have RFS installed without CRE and want to upgrade to RFS 2.3, then re-run the new installer,
which installs Hazelcast and asks whether you wish to keep or remove the Redis instance. Keeping or removing
these Redis files has no impact on the functionality of RFS.
o If you currently have RFS installed with CRE and they use the same Redis instance and you want to upgrade to
RFS 2.3, then re-run the new installer, which installs Hazelcast for RFS, but when prompted DO NOT select to
remove Redis, because CRE still utilizes it for functionality.
o For more information, see the VMware AirWatch Remote File Storage v2.3 with Content Rendering Engine
Install Guide.
Content Gateway
l Created the AirWatch Content Gateway, which lets administrators provide their end users will secure access to
content.
o This functionality was previously the Content component of AirWatch Mobile Access Gateway for Windows and
AirWatch Tunnel for Linux.
20
Chapter 4: Mobile Content Management
Content Applications
l Added support for large file downloads on all content applications for desktop.
l Updated the user interface for the Content Locker Sync application for Mac OS X devices. Updates include:
o Improvements to the installation process.
n Added a guided installer package to streamline installation:
n Added an Introduction Tutorial to enhance the end user’s experience and ease of use.
n Required software components – mono framework – now bundled into the installer, eliminating the need to
complete a third-party download.
21
Chapter 4: Mobile Content Management
22
Chapter 4: Mobile Content Management
23
Chapter 4: Mobile Content Management
n Added a Sync toolbar menu option for access to additional file options.
24
Chapter 5: Mobile Email Management
Chapter 5:
Mobile Email Management
l Added the ability to require a profile for email receipt.
o With this enhancement, a new managed device policy Require ActiveSync Profile has been introduced. This
policy restricts email access to devices whose email clients are not configured with an Exchange ActiveSync
profile.
o This policy is applicable to SEG, PowerShell, and Google Apps.
o To activate this policy, navigate to Email > Compliance Policies > Managed Device Policies.
25
Chapter 5: Mobile Email Management
o The delta sync option is available on the MEM Advanced Configuration page.
26
Chapter 6: API Framework
Chapter 6:
API Framework
l Exposed the Personal Content APIs.
l Updated the API deployment architecture to deploy APIs based on application to improve scalability and
performance.
l Modified the method of handling versioning in the new API framework. V1 and V2 are no longer in the URLs for the
new endpoints. They should be appended to the Accept headers.
l Re-factored few API endpoints to meet REST standards. The re-factored endpoint will appear on the help page
notated as "Supported Endpoint URL".
l Updated the storage of logs. Logs are now stored corresponding to their section in the help page, API URIs and
websites. There are now a total of five logs.
27
Chapter 6: API Framework
o In previous versions, all APIs were on the same application. For this release, all APIs have their own applications,
including the help page.
n You may experience a slow response on loading the API help page the first time. All subsequent requests
should respond immediately.
l Incorporated validation to support only safe characters in APIs for security considerations.
o Due to this validation some characters may be supported in the Console but not in APIs. The following table lists
supported safe characters for APIs.
Character(s) Description
A-Z Uppercase Latin alphabetic characters
a-z Lowercase Latin alphabetic characters
0-9 Numbers
(Space) Space
! Exclamation mark
# Number sign, hash
$ Dollar sign
% Percent sign
( ) Parentheses
* Asterisk
28
Chapter 6: API Framework
Character(s) Description
+ Plus sign
, Comma
- Hyphen, minus
. Period, dot, full stop
/ Slash
: Colon
; Semicolon
= Equals sign
? Question mark
@ Commercial at
[ ] Square brackets
\ Backslash
^ Caret
_ Underscore
` Grave accent
{ } Braces, curly brackets
| Vertical line
~ Tilde
0x00A1 - Special characters between 0x00A1 (161 decimal) and 0x00AC (172 decimal). Characters in this
0x00AC range are encoded when useNamedEntities is true.
0x00AE - Special characters between 0x00AE (174 decimal) and 0x00FF (255 decimal). Characters in this
0x00FF range are encoded when useNamedEntities is true.
0x0100 - Latin extended characters between 0x0100 (256 decimal) and 0x017F (383 decimal).
0x017F
0x0180 - Latin extended characters between 0x0180 (384 decimal) and 0x024F (591 decimal).
0x024F
0x0250 - IPA Extension characters between 0x0250 (592 decimal) and 0x02AF (687 decimal).
0x02AF
0x02B0 - Spacing modifier letter characters between 0x02B0 (688 decimal) and 0x02FF (767 decimal).
0x02FF
0x0300 - Combining diacritical mark characters between 0x0300 (768 decimal) and 0x036F (879 decimal).
0x036F
l Updated the Global API daily quota limit so that it is no longer shared across tenants.
o Each tenant now receives an equal individual daily quota limit that is set at Global.
29
Chapter 7: Enterprise Integration
Chapter 7:
Enterprise Integration
AirWatch Tunnel
l Added integration between AirWatch Tunnel and VMware NSX.
o VMware NSX is the network virtualization platform for the Software-Defined Data Center (SDDC). NSX enables
you to manage your network and security services that are attached to virtual machines using a policy-driven
approach.
o Through the combination of AirWatch and NSX, organizations can complete the security bridge from the device
to the cloud data center while leveraging user, device and application validation. Administrators can easily
prevent personal or non-managed applications from using the secure datacenter connection without interfering
with user experience.
30