We are excited to announce that VMware has been recognized as a Leader in the 2023 Quadrant Knowledge Solutions SPARK Matrix for End-User Experience Management (EUEM)! This designation validates the strong VMware EUEM offering that gives our customers the ability to solve challenges in employee engagement, help-desk support, device management, and more. To read the full version of Quadrant Knowledge Solutions’ analysis of VMware Workspace ONE, navigate here to access the report. 

Quadrant Knowledge Solutions conducts research both on a market level and on a vendor level to fully understand how each solution fits the current needs of customers. Vendors are evaluated in two categories: technology excellence and customer impact. Technology excellence evaluates the breadth and depth of each solution, and customer impact evaluates customer service, product strategy, and more. As a leader, VMware excelled in both categories. 

VMware Workspace ONE profile 

Quadrant Knowledge Solutions identifies monitoring capabilities, analytics, employee experience and sentiment measurement, and anomaly detection and remediation as core capabilities for an EUEM solution. Our VMware offering excels in all these areas and more. Quadrant Knowledge Solutions highlighted these critical functionalities in their analysis: 

• Employee Sentiment Analysis. Workspace ONE offers capabilities that include capturing employee sentiments through customized surveys. The results of these surveys are aggregated into dashboards for easy visualizations and decision making. Administrators can design and send surveys to end users, scheduled at a specific time or manually ad hoc. The platform also allows users to create custom dashboards with helpful widgets that provide instructions and previews and a wide range of pre-built dashboards. 

• Experience Scores. Workspace ONE can analyze user experience data in comparison to an organization’s thresholds and objectives to identify potential issues for users and provide insights to solve them proactively. Those scores can be measured across various device types, applications, and operating systems. 

• Workflow Automation. Workspace ONE Freestyle Orchestrator gives administrators the tools to automate workflows, including remediation processes for common issues users may face. In addition, Workspace ONE also enables self-service remediation options for end users, allowing them to leverage automation to solve issues themselves.  

• Remediation. In addition to self-service support and automated remediation, Guided Root Cause Analysis leverages artificial intelligence and machine learning to expedite the troubleshooting process and reduce time-to-resolution for service desk tickets. These models analyze comprehensive data to identify the source of issues quickly. The IT service desk, through the ITSM connector, seamlessly integrates with ServiceNow for experience scores, quick actions, and freestyle workflow within ServiceNow incident management. 

VMware Workspace ONE enables customers to take a comprehensive approach to hybrid workforce enablement by providing advanced monitoring and data collection capabilities, actionable insights by analyzing employee experience, and a breadth of routes to remediation that allow organizations to resolve issues faster.  

To read more about what makes VMware a leader in end-user experience management, click here to download the full 2023 Quadrant Knowledge Solutions SPARK Matrix for EUEM. 

The healthcare industry is in the midst of a transformative shift toward using cloud-based solutions. VMware and AuthX are already on the leading edge of this trend, and we are proud to announce our partnership! AuthX, is a prominent leader in identity management and authentication software. They specialize in passwordless multi-factor authentication (MFA), single sign-on (SSO) security, and electronic prescribing of controlled substances (EPCS) solutions, enhancing security by verifying user identities and assessing device health in a passwordless cloud-based ecosystem. The AuthX product lineup includes One-Tap Access (RFID tap and go), push auth, one-time password (OTP), personal identification number (PIN), finger, and face authentication methods. AuthX’s adaptive risk management helps detect and mitigate threats, making it a trusted choice for various organizations worldwide. This partnership between AuthX and VMware utilizes Horizon — the modern platform for more secure delivery of VDI, DaaS, and published apps — to revolutionize healthcare data access and identity management in the cloud, providing seamless and more secure experiences for healthcare providers.  

Together, VMware and AuthX have made substantial investments in shaping the future of healthcare work, ensuring that data and apps are both securely accessible and reducing the burdens placed on IT and clinical staff to drive adoption and clinical experience. This integration empowers healthcare enterprises to enjoy a consistent Horizon virtual desktop and app experience, whether they operate on premises or in the multi-cloud, thanks to the seamless interface with AuthX. 

This exciting integration, which seamlessly connects with the cutting-edge VMware Horizon VDI platform, empowers clinical professionals to access patient data with unprecedented ease. With an SSO process that is enriched by a variety of authentication methods, including RFID, biometrics, push auth, and OTPs, it’s all about convenience and security. Additionally, these authentication methods adhere to global identity management standards, setting a new benchmark for securely accessing healthcare data across the enterprise and cloud. 

“Through our strategic alliance under the Technology Alliance Partner (TAP) program with VMware, AuthX has not only strengthened its core capabilities but also solidified its position as a frontrunner in the industry. We firmly believe that this collaboration has propelled us ahead of any competitors, paving the way for a future where our authentication solutions redefine industry standards.” 

 — Marc Potash, CEO, AuthX 

“As we navigate the evolving landscape of cloud technologies, we firmly believe that this partnership between AuthX and VMware will add significant value to the way healthcare is managed. As healthcare enterprises continue to migrate workloads to diverse cloud environments, a scalable and secure method for accessing patient data becomes essential for the point-of-care. We are excited about this partnership with AuthX and the value we can mutually provide to the industry as customers drive their businesses to be managed via private and public cloud providers.” 

— Enrique Estrada, Senior Director of Healthcare and Life Science Solutions, VMware 

For more information on VMware’s healthcare industry solutions, check out this healthcare solutions page.

At VMware Explore, we took a deep dive into the next evolution in Android device management: Android Management API (AMAPI). Now, we’re excited to announce that the beta for AMAPI is live! The beta supports management of Android devices enrolled in Work Profile mode, which is used for BYO or personally owned devices.  

What is AMAPI? 

AMAPI is a new approach to Android device management in the enterprise. AMAPI is part of Android’s DNA — it is native to the Android OS and is developed by Google. This unlocks capabilities that are not possible in our current approach to Android Enterprise, called Custom Device Policy Controller (DPC). An example of an AMAPI-only feature is the recently introduced Lost Mode for Corporate Owned Personally Enabled (COPE) devices. Here are three benefits of AMAPI: 

• Simple: Workspace ONE Unified Endpoint Management (UEM) builds the desired state of the device and transmits it to AMAPI, which AMAPI applies to the device. This simplifies the process of supporting new Android features within the Workspace ONE UEM console.  
• Native: AMAPI is part of the Android DNA and is updated and maintained by Google. Therefore, device management best practices are built into AMAPI by Google, and it is a common stack used throughout the Android ecosystem.  
• Powerful: AMAPI takes additional steps to ensure that policies are enforced on devices. For example, AMAPI can enforce minimum passcode complexity requirements on personally owned devices.  

How is AMAPI different from Custom DPC?  

Today, Workspace ONE UEM uses an approach to Android Enterprise called Custom DPC. With Custom DPC, Workspace ONE UEM distributes policies, internal apps, and more to Workspace ONE Intelligent Hub, which acts as the primary management application of the device or Work Profile. Intelligent Hub applies these resources to the device and returns device information to Workspace ONE UEM. 

Public apps are applications published in the Managed Google Play Store. To distribute public apps, Workspace ONE UEM leverages the Google Play EMM API to distribute public apps to devices through the managed Google Play Store. 

Now, let’s go over AMAPI. With AMAPI, Workspace ONE UEM transmits the device’s desired state to AMAPI. In a similar manner to Custom DPC, this includes what public apps AMAPI should install on the device. Workspace ONE also transmits which management policies — passcode requirements, certificates, app permission settings — to AMAPI. In turn, AMAPI pushes policies to the Android Device Policy (ADP) client, which applies them to the device. In AMAPI, it is ADP, a native component of Android, that serves as the primary management application on the device. ADP runs on all Android devices with GMS on Android 5.1+. Note that Workspace ONE UEM defines its minimum supported OS versions here. 

Aside from applying management policies, ADP also transmits device state information to AMAPI, which in turn transmits this to Workspace ONE UEM through Google Pub/Sub.  

Workspace ONE Intelligent Hub remains vital to device management. It handles distribution of certificates and internal apps, and it enables unique features like product provisioning and Freestyle Orchestrator. Intelligent Hub is also more than just a management client. It hosts our unified application catalog, Mobile Threat Defense SDK, integrations with Intelligence for advanced analytics, and much more. This is why Intelligent Hub is present in all devices we manage using AMAPI. 

What are the IT admin and end-user experiences like for AMAPI? 

AMAPI introduces several admin and device end-user experience changes.  

As an administrator, you will see two major updates in the Workspace ONE UEM Console: 

1. When creating Android Profiles, you will now choose whether to create profiles for Custom DPC or AMAPI. 

2. You can now choose whether new devices enrolling into Workspace ONE UEM will be managed using Custom DPC or AMAPI. This can be set by mode (Work Profile, COPE, or Fully Managed) and by Organization Group. 

As a device end user: 

1. In addition to initiating enrollment through Intelligent Hub, you can now initiate enrollment of your personally owned devices by launching an AMAPI Enrollment URL. This Enrollment URL is shared by the UEM administrator and can be distributed through a QR code, text, email, internal site, or other means. 

2. When you set a policy that requires end-user interaction, AMAPI will take actions to ensure the policy requirements are met. For example, when you set minimum device passcode requirements via Profiles, AMAPI will suspend managed applications until the device passcode meets the policy requirements. AMAPI also guides the end user to set a passcode that is compliant with the policy. 

How and when should I adopt AMAPI? 

AMAPI represents the future of Android device management and has introduced many benefits, including unique features. We encourage organizations to familiarize themselves with AMAPI and adopt it as appropriate for their unique use cases.  

Whether a device is managed using Custom DPC or AMAPI will initially need to be decided at the time of enrolling a device. Organizations will be able to take a cap-and-grow approach in adopting AMAPI. Without impacting enrolled devices managed with Custom DPC, organizations can configure Workspace ONE UEM to use AMAPI for new device enrollments. Organizations can enable AMAPI for new enrollments for specific management modes (Work Profile, COPE, or Fully Managed) as well as for organization-specific groups only. 

We are excited to share that our roadmap includes supporting migration of devices from Custom DPC to AMAPI without requiring re-enrollment. This migration will be supported for all modes in the future — Work Profile, COPE, and Fully Managed.  

AMAPI beta and beyond 

The AMAPI beta is live today! Today, the beta supports management of devices in Work Profile mode, which is used to manage personally owned devices (BYOD). As the beta continues, we will add support for COPE mode and, later, Fully Managed mode. For more information regarding the different Android Enterprise management modes, please see the “Operational Tutorial for Managing Android Devices.” 

Similarly, support for Work Profile mode in AMAPI will be available in production environments first, followed by COPE and then Fully Managed modes. 

Sign up for the AMAPI beta on our VMware Anywhere Workspace Early Access Program portal here. You can find testing guides and other resources for AMAPI under the Android Intelligent Hub project.  

We look forward to your testing and feedback. Note that only the first wave of features has been released in our beta, and more will be added as the beta continues. Stay tuned for more updates!  

As technology continues to evolve and shape the modern workplace, companies are turning to data and intelligence to help stay ahead of the competition. The VMware Anywhere Workspace platform is the perfect example of how companies are harnessing the power of technology to build the workspaces of the future. Our End-User Computing (EUC) solutions keynote session at Explore Barcelona will highlight the latest Anywhere Workspace innovations that are both optimizing employee experience and ensuring better workplace security. In this blog post, I’ll discuss the importance of data and intelligence in the modern workplace, explore some of the key features of Anywhere Workspace, and discuss how companies can leverage these technologies to build more efficient and productive workspaces. 

Data and intelligence are two of the most important factors in building a more modern and efficient workplace. With Anywhere Workspace, companies can harness the power of data to optimize the employee experience and improve workplace security. This powerful solution leverages data science and automation to help employees work more efficiently and securely. It allows businesses to automate processes, monitor and assess employee experience, and provide employees with the tools they need to be successful. 

One of the key features of Anywhere Workspace is its ability to provide employees with access to all their apps and tools from any device, anywhere in the world with an internet connection. This makes it easy for employees to collaborate and stay connected, no matter where they are. Additionally, the solution uses data science to observe trends and identify anomalies. For example, IT teams could learn which apps are becoming more popular, or which apps are having performance issues that may need to be remediated. This can inform future decisions and optimizations, ultimately empowering employees to work more efficiently. 

Another important feature of Anywhere Workspace is its focus on security. With so many employees working remotely, it’s critical that companies protect their sensitive data and information. Anywhere Workspace provides a secure platform for employees to access their tools and applications, while also using automation and machine learning to detect and respond to potential security incidents. 

But the benefits of data and intelligence in the workplace go beyond just improving productivity and security. They can also help businesses make more informed decisions about their strategies and operations. By analyzing digital employee experience (DEX), companies can gain insights into their IT-provided services and identify areas for improvement, enabling better IT scalability and employee productivity. Outside of IT, by using data to understand customer behavior and preferences, businesses can create more targeted and effective marketing campaigns. 

In sum, the Anywhere Workspace is a great example of how companies are leveraging data and intelligence to build more efficient and modern workspaces. By harnessing the power of automation, machine learning, and data science, companies can improve the employee experience, enhance workplace security, and make more informed decisions about their operations.

If you’re looking for a way to boost productivity and stay ahead of the competition, please join us at Explore Barcelona, 6–9 November, to learn more about the Anywhere Workspace platform and to attend the EUC solutions keynote session, “Harnessing the Power of Data and Intelligence in Today’s Changing Workplace [EUSB2160BCN],” in person. Seating for the EUC solutions keynote session is limited, so please register in advance.

If you’ve been following my posts, you know that I firmly believe that digital employee experience (DEX) is the key to success in the modern world. It’s not just a buzzword; it’s the driving force behind financial gains, improved employee satisfaction, and heightened productivity. 

Exciting news! At VMware Explore in Barcelona, happening November 6–9, we’re offering an exclusive opportunity to dive deep into the world of DEX through a series of enlightening sessions. You can click here for the list of DEX sessions to add to your schedule. Here’s a sneak peek at 10 of the top DEX sessions at Explore Barcelona. 

1. “How Improved Colleague Experience Resulted in a Benefit of $57M in Retail” [EUSB1256BCN] 

Discover how a retailer transformed its fortunes by prioritizing DEX. Through real-world examples, we’ll illustrate how keeping colleagues informed, streamlining onboarding, and simplifying workflows can lead to substantial financial gains. 
 
VMware speaker: Ton Hermes, Strategy Director Digital Workspace 

2. “Digital Employee Experience Decoded: What Is It, and Why Should You Care?” [EUSB1608BCN] 

In the era of hybrid work, DEX has become mission critical. Join us as we demystify DEX and share insights into best practices. Learn from successful case studies showcasing improved ROI, enhanced employee satisfaction, and more effective collaboration.   
 
VMware speaker: Nick Brouillette, Group Product Line Manager 

3. “Supercharge Your Service Desk: How to Accelerate Issue Remediation” [EUSB1610BCN] 

Your DEX is only as good as your ability to resolve technical issues swiftly. With remote and hybrid work becoming the norm, this session will explore how VMware Workspace ONE can revolutionize your service desk operations. Discover the seamless integration with ITSM tools and remote support, empowering your service desk to provide superior assistance from anywhere.   
 
VMware speaker: Pooja Chengappa, Group Product Line Manager 

4. “Improve Digital Experience & Lower Costs with AI, Analytics, and Automation” [EUSB1611BCN] 

In today’s “Anywhere Organization” landscape, the pressure is on to optimize employee technology experiences while reducing costs. Find out how VMware’s DEX solution leverages AI-driven insights, recommendations, and automation to proactively enhance employee satisfaction and productivity.   
 
VMware speakers: Scott Kelley, Senior Director of Product Management; and Alexander Price, Sr. Director of IT 

5. “How to Leverage DEX Tools to Optimize Your Frontline Business” [EUSB1612BCN] 

Frontline workers face unique challenges, and DEX tools can make a significant impact. Dive deep into how VMware Workspace ONE supports frontline device deployments, creates engaging experiences, and drives data-driven decision-making.   

VMware speaker: Mitch Berk, Senior Director, Product Management 

6. “Help! Boost Productivity with Digital Employee Experience (DEX) for Horizon” [EUSB1623BCN] 

Overcome VDI and app-related productivity hurdles with VMware Horizon. This session demonstrates how Workspace ONE Intelligence, Workspace ONE Experience Analytics, and optimizations can keep employees productive and content.   
 
VMware speaker: Cris Lau, Product Manager 

7. “Analyzing Horizon User Experience Using Free Tools on VMware TestDrive” [EUSB2093BCN] 

Gain valuable insights on Digital Employee Experience test results. Understand the influence of various factors on end-user experiences and gain essential insights for planning, migrating, or upgrading Horizon workloads.   

8. “VMware Workspace ONE – Unified Endpoint Management, Intelligence – AMA” [EUSM1556BCN] 

Discover how to maximize Workspace ONE to support your organization’s digital initiatives. Then gain insights into unified endpoint management, self-service workspaces, end-user remote support, app management, and rich analytics. This session will show how these capabilities can drive your organization’s success.   
 
VMware speaker: Damon Hawkins, Lead Solution Engineer  

9. “Digital Employee Experience (DEX) — Ask Me Anything” [EUSM1558BCN] 

Connect with DEX experts to explore how Workspace ONE can deliver an engaging employee experience, measure success, analyze the digital environment, and remediate issues effectively.   
 
VMware speaker: Howard Bliss, Senior Lead Solution Engineer  

10. “Explore VMware Industry Leading Approach to Onboarding” [VMWB1502BCN] 

In today’s competitive job market, onboarding and retaining top talent are paramount. Discover how VMware redefines the entire employee experience, from Day 1 onward, using Workspace ONE and Horizon. Learn about the underlying technology, security measures, challenges, and the future of employee onboarding and retention.   
 
VMware speakers: Richard Godber, Service Delivery Senior Manager; and Dessyslava Wasseva, Sr. Manager Colleague Support  

A full list of DEX sessions you can add to your schedule can be found here. 

What else to expect from your DEX Explore experience  

Here are a few more reasons why you should spend time learning about DEX at Explore:  

• Exceptional networking: Engage with a diverse community of professionals who are deeply committed to transforming the digital employee experience. 
• Leading-edge knowledge: Gain insights from forward-thinking speakers who will illuminate the most current trends in digital employee experience. 
• Innovative technologies: Experience firsthand the latest technologies and software solutions that are redefining the digital employee experience terrain. 
• Memorable moments: Barcelona sets the stage for an exceptional event. Take the opportunity to relax, recharge, and connect with fellow attendees in an inspiring setting. 

The future of work is evolving right before us, offering exciting opportunities. Don’t miss the chance to be at the forefront of reshaping the digital employee experience by joining us at Explore in Barcelona. Unlock your organization’s complete potential, empower your team, and establish fresh benchmarks for excellence. Begin this thrilling journey with us, and we look forward to meeting you in Barcelona! Register here.

For additional details before the event, please visit the Digital Employee Experience Solutions page.

The latest release of Horizon 8, 2306, is available and it adds a host of new features. Each of these has been designed based on the feedback and requirements of our valuable customers. Let’s dive right in and see what’s new for servers and clients.

Horizon Server updates: simplifying management and bolstering security

Let’s get started with what is new on the Horizon Server side. These improvements are designed to streamline administrative tasks and enhance security. Here’s a breakdown of the features released in Horizon 2306.

Granular RBAC privileges for cloud-connected customers  

In Horizon 8 versions prior to 2306, to gain access to management and monitoring services for Horizon deployments, super admins were required to activate their SaaS subscription via the Horizon Control Plane. Now, with Horizon 2306, we’ve introduced more granular role-based access control (RBAC) privileges that allow the super admin to provide granular privileges to non-super admins, allowing them to activate and manage licenses, and monitor the Horizon environment. By applying specific privileges for admins, this feature eliminates the need for super admin roles for routine tasks, while it also provides tighter security and ensures that only authorized personnel can make significant changes. 

Block end user connection if no certificate check  

Security is always top of mind in Horizon development. To that end, we’ve introduced a new mechanism that can enforce the server certificate check. Once the setting is configured, when an end user requests to access a desktop or an app reaches the connection server, the request will have the client settings already mapped against the admin-configured settings on the server. Based on the configuration, The brokering behavior is determined based on the configuration There are now three potential actions — “Enforce,” “Warn,” and “Ignore” — that admins can use to mandate stricter certificate verification policies: 

• Enforce: A mandatory certificate check. If invalid, the connection is dropped. 
• Warn: The user gets a warning, is allowed to connect, and the event is logged. 
• Ignore: The certificate check is executed, but only a log entry is made without any user notification.  

This feature ensures a balance between usability and security, giving admins the flexibility to determine the rigor of their authentication process.  

Fixed timer for discarding SSO credentials bolsters security  

Customers can set a fixed timer to discard single sign-on (SSO) credentials to ensure re-authentication is required after a set time, further bolstering security. Admins can set the session time for end users and ensure they re-authenticate when new virtual desktop sessions or published applications are launched.  

Configure certificate mappings from console  

For those customers using certificate-based authentication such as smart cards, the Microsoft security update (KB5014754) will disallow weak certificate mappings such as user principal name and email. Horizon 2306 allows you to configure certificate mappings from the Horizon console. This feature provides three options: 

1. SID, which is considered the strongest and is the recommended option. 

2. Custom alt security identity, such as x509serialnumber, x509SKI. 

3. Legacy option, for customers who haven’t applied the security update and continue to use existing smart cards 

Instant Clone Smart Provisioning default mode 

Instant Clone Smart Provisioning will now default to Mode B (VMs created without a parent VM). Mode B is compatible with all the workflows such as vTPM and vGPU. Mode A (VMs created with a parent VM) is selected only when using vTPM device on an ESXi host version earlier than 7.0 update 3f. You can still change the provisioning mode as described in this KB (Knowledge Base) document, but it is not recommended.  

Improve with auto debugging for instant clones  

Auto debug mode allows admins to preserve the internal template VMs for debugging in case of provisioning errors. Previously, admins would have to set the configuration parameter for the golden image in vCenter to enable this mode. With this feature, admins can enable debug mode from the console, which is applied to all the instant clone pools in the vCenter. When on, internal template VMs are preserved in a separate folder in the vCenter, and these VMs are automatically deleted when this mode is turned off. It is recommended to enable the “Stop Provisioning on Error” setting so that provisioning stops at the first error, and that specific error can be debugged. 

Persistent disks for instant clones  

Horizon 2306 reintroduces persistent disks for dedicated instant clones, intended for customers who are still using persistent disks with dedicated linked clones in Horizon 7. This new feature provides a migration path for customers who cannot upgrade to Horizon 8 because of the persistent disks. For more information on migrating, read this document, “Migration Guidance to Move from Horizon 7.X to Horizon 8.” 

Cloud Pod Architecture session load distribution  

To assist Cloud Pod Architecture (CPA) in distributing user sessions evenly across resources within a global entitlement, 2306 introduces “Session Load Distribution Policy.” This new setting allows admins to select the session count policy to set a session load distribution policy on an individual global entitlement basis. With this, CPA will equitably distribute incoming session requests across resources based on the session count in relation to the capacity, providing a more balanced distribution across available resources. For example, if a global entitlement has two desktop pools, each with a capacity of 100 desktops, sessions would be distributed evenly across the desktop pools for better desktop and app performance. 

Now let’s move on to the newest updates for the Horizon Agent. We continue to strive for seamless compatibility and functionality across platforms, ensuring a smoother end-user experience for all. Read on to see what is new in experience features in 2306.  

Horizon Agent 2306: enhancing compatibility and user experience

Now let’s move on to the newest updates for the Horizon Agent. We continue to strive for seamless compatibility and functionality across platforms, ensuring a smoother end-user experience for all. Read on to see what is new in experience features in 2306.  

Improvements for the Linux agent  

Building on our existing support for Rocky on vSphere, Horizon 2306 adds support for Rocky Linux. Additionally, Horizon Desktop Recording support was added for Linux VMs allowing admins to record and replay sessions to help troubleshoot issues, ensure compliance and security, and monitor activity. Lastly, for our virtual integrated printing feature, a watermark can be added to the opening page of a document set.  

Enhancements in remote experience and codec support via Blast   

Next up are the improvements made to our Blast display protocol that continue to ensure end users have a seamless experience in a virtual session. 

• BSG RX feature allowance. With the Blast Secure Gateway Remote Experience, we introduce an “allow list” for specific features. Recognizing that some customers grant admin access to end users, the traditional GPOs and registry settings may fall short as they can be misused on the agent VM. For improved safeguarding admins can now restrict certain features at the UAG itself, such as USB redirection in case they have security concerns with the specific feature, and hence prevent a bad actor from allowing unauthorized features at the agent level.  
• AV1 codec enhancements. We’ve added hardware encode support for the AV1 codec on NVIDIA GPUs. Furthermore, we’ve extended support for Linux clients to use this codec. 
• Audio-video sync improvements for Mac. After refining the synchronization of audio and video on Windows clients, we’re extending those enhancements to Mac clients. 
• 3D hardware support for Linux VDI. For those running the Linux agent on physical desktops, it’s now possible to harness the power of 3D hardware within these desktops. 
• Enhanced Mac and Linux supportability. We’ve incorporated comprehensive logging information to facilitate Blast troubleshooting and aim to reduce the occurrence of black screens. This enhancement in logging is available for both Mac and Linux clients. 
• High definition and high dynamic range for HEVC codec. 2306 expands support to include high-definition color and high dynamic range for the HEVC codecs, available for Windows, Mac, and Linux clients. Additionally, it enables the HEVC 4:4:4 encoding on Intel GPUS, providing higher color accuracy in image rendering.  

Unified communications optimizations  

Here’s a rundown of the latest updates from 2306 that will elevate your remote collaboration experience: 

• Simulcast streaming for superior quality with Microsoft Teams. In the past, the overall video quality of a Teams group call was prone to degradation if one of the participants joined in from a poor network. Now, with the simulcast feature, each participant’s stream is independent of other user networks connected to the call. This means you’ll no longer have the entire group’s quality compromised, improving the overall user experience.  
• Mac client gets the Teams background blur. Now end users joining a Teams video call on their Horizon desktops from a MacBook can blur their backgrounds, providing the desired functionality when using video on Teams.  
• Screen snipping on Teams for Mac client. The Mac client now supports screen snipping or screenshots. If you’ve been in a scenario where your VDI runs in full screen with a Teams call on the endpoint, it might have created a black void while trying to screenshot in the VM. To combat this, the screenshot will be taken on the endpoint first and then saved to the VM. 
• Breakout rooms in Teams. Now end users can create breakout rooms on Teams optimized for Horizon.  
• Reactions in Teams. End users will now be able to send emojis and other reactions while on a Teams call. 

Finally, we will cover the features 2306 brings to each client. 

Horizon Client updates

Windows continues to advance, keeping in step with evolving user needs and technological shifts. Below, I’ll cover the latest features that are enhancing the Windows client experience in Horizon 2306: 

• ARM device support with emulation mode: Windows now officially supports ARM devices that operate in emulation mode. This support is exclusive to Windows 11, as it’s the optimal OS for ARM devices because it enhances their performance and usability. 
• Seamless Bluetooth pairing: Enhancing connectivity, users can now pair Bluetooth devices even after the VM is up and running. There’s no need to revert to the endpoint; devices can be located and paired directly within the remote desktop. 

• Visible passwords through GPO. Horizon 2306 introduces a new GPO to address challenges with complex password requirements. This allows users to view their password as they type, which helps users who have extensive password criteria. 
• WebAuthN (FIDO2) authentication for allowed applications. When discussing FIDO2, YubiKey is predominantly the focus for support. Users have been forwarding YubiKey as USB devices for authentication within the VM. However, forwarding YubiKey in this manner restricts its availability on the endpoint. Recognizing the need for a smoother user experience, especially for those using diverse apps, WebAuthN calls are now forwarded from the VM. WebAuthN is used by a broad range of websites and many Windows applications. Although not all apps are covered, this feature streamlines the process for the majority, limiting the need for full YubiKey forwarding via USB redirection. 
• Limit size of dump files. Recognizing the need to manage storage, Windows now provides settings to limit the size of dump files, ensuring system efficiency.  
• Drive redirection in nested mode: Windows now officially supports drive redirection in nested mode or double hop, enriching the user’s management capabilities. 

Linux client: advancements in management and feature integration  

Horizon 2306 provides new enhancements for the Linux client, ushering in greater flexibility and user-friendly features. Here’s a look into what’s new: 

• Deb installation package integration with main RX features. 2306 introduces a Deb installation package option that facilitates easier Linux management, especially if you’re utilizing a management tool tailored for digging.  
• Embracing AOMedia Video 1 (AV1) decoding. The Linux client now supports the AV1 codec, enhancing the decode capabilities for file type associations. 
• File type association. Mirroring features are available for Windows and Mac users; Linux now allows mapping of file types to remote apps. This ensures a more seamless user experience when accessing various file types remotely. 
• TrueSSO unlocked for Linux client. For environments equipped with TrueSSO, when a VM has gone to sleep, a pop-up screen will ask if the VM requires unlocking, which kick-starts the TrueSSO authentication flow.  
• Drive redirection in nested mode. The Linux client now supports drive redirection in nested mode for both Linux and Windows. In scenarios involving a double hop, starting from either Linux or Windows and transitioning to a Windows VM, users can forward their drive to the subsequent stop, most likely another Windows interface. 

Mac client: improved end-user features and workflows  

The latest release delivers features to improve the end-user experience and optimize workflows for end users using Mac clients in 2306. Here’s a snapshot of the newly introduced features: 

• Streamlined screenshots with Teams. We’ve integrated a feature that simplifies the process of capturing screenshots within Teams. 
• Seamless integration with Zoom and Cisco. Building on what we rolled out for Windows, Mac users can now host Zoom or Webex plugins on UAG. On the initial connection, the Mac client will download the plugin and receive a prompt for installation that will be available going forward.  
• Installation file change from .dmg to .pkg. The installation process for Mac client has shifted from the .dmg file format to .pkg. This change introduces a comprehensive UI for installation, moving away from the previous drag install method. 
• Advanced Wi-Fi Insights with DEEM. By incorporating the DEEM (Digital Employee Experience Management) module, Mac users can now collect data on Wi-Fi strength. This data integrates with Intelligence, marking a significant step for users who are utilizing Workspace ONE Intelligence for telemetry checks, and now provides the ability to remediate as needed.  
• Vendor-specific features for scanners. Scanners connected to a Mac might offer features that are not present in TWAIN specifications. The 2306 update allows the VM to capture these settings and show them in the scanner UI in the virtual machine.  
• True SSO unlocked for Mac client. Similar to the Windows client, Mac users can now reactivate the TrueSSO authentication whenever the VM enters sleep mode, ensuring uninterrupted access and operations. 

Chrome client: Improved end-user interactions  

Included in 2306 are features that enhance the end-user interactions using Chrome clients on a virtual desktop, while improving connectivity.  

• Support for Horizon Cloud next-gen. Horizon Cloud one next-gen uses an updated, modern authentication flow. In this release, all Horizon clients are now fully integrated and supported on this platform, signifying a significant stride forward in our cloud capabilities. 

• Bad connection warning. Following the success of the bad connection warning for Windows, we have extended this feature to both the Chrome client and HTML Access. Users can now be promptly notified of connectivity issues, ensuring smoother operations. 
• Split composite USB devices for redirection. 2306 adds support for composite USB devices. This is particularly beneficial for multifunctional devices like the Nuance PowerMic or keyboards equipped with credit card readers. Such devices, although registering as a singular USB unit, possess multiple functional components. With an upgrade to 2306, users can fully utilize these composite devices with ease. 
• Real-time audio-video performance enhancements. We have integrated performance enhancements for real-time audio and video interactions. Utilizing the H.264 codec, we are providing compression of both video and audio at the endpoint.  

Also of note is that VMware Horizon 8 is now certified for Common Criteria compliance by the National Information Assurance Partnership (NIAP). This NIAP certification means Horizon 8, recognized as a leader in VDI and apps, can be used in U.S. national security systems. Read the blog to learn more. Horizon is also Product Compliant List certified, which means it can be leveraged by other nations that follow the Common Criteria Recognition Arrangement (CCRA). This achievement is in addition to Horizon Cloud Service recently being authorized to operate in FedRAMP® and StateRAMP® High environments.

Well, that is a wrap for 2306! For more information on these features as well as others I did not cover, please review the Horizon 8 2306 release notes. 

Taking advantage of new features as they are released is one benefit to upgrading to our Horizon subscription license.  You can download version 2306 by visiting MyVMware.com. 

In the never-ending battle against cybercriminals, knowledge sharing is one of our most effective defenses. The more we can simultaneously learn from and educate fellow security experts, the more likely we are to stay one step ahead of threat actors. 

At VMware Explore 2023 Las Vegas, Lookout and VMware cybersecurity experts had the privilege to meet customers from various backgrounds and sectors to gain insights on why mobile devices are appealing targets for cybercriminals. For this blog, I had a conversation with Steve Banda, Head of Partner Marketing at Lookout. Steve joined us at Explore in Las Vegas, where we discussed the mobile security challenges and threats facing today’s organizations.   

These are the three most common questions we fielded from customers at Explore 2023.  

Question 1: What is the biggest mobile security threat that you see? 

By far the most frequent and severe mobile security threats we see are phishing attacks specifically designed to exploit mobile devices. And the unfortunate reality is that phishing attacks are often just the tip of a spear for more advanced cyber attacks. Threat actors and advanced persistent threat (APT) cyber espionage groups often use phishing as a means to distribute spyware or conduct surveillance campaigns.  

Attackers can steal credentials and take over legitimate accounts, where they can raise their access privileges or move laterally to other parts of your organization. Ultimately the goal is to identify and steal sensitive data and intellectual property, disrupt operations, and wreak havoc on regulatory compliance efforts.  

And while many threat actors are becoming more sophisticated, it’s also becoming easier than ever for attackers to perpetrate a phishing attack. Some attackers are now using malware as a service to supercharge their attacks, and these inexpensive and easy-to-use kits make it simple for anyone to perpetrate a phishing attack. We discussed how to protect against device, application, network, and phishing threats in the session, “Am I Being Phished? Protect Your Mobile Users with Workspace ONE Mobile Threat Defense,” which is available for free to stream online.

Question 2: How do we financially justify the investment we need to focus on mobile security? 

This question comes up quite a bit and the way to think about any investment in cybersecurity is in terms of potential financial and operational risk to an organization if breached. First, start with understanding the broader cost of cybersecurity breaches. According to data from Statista, the global average cost per data breach was USD $4.45 million in 2023, with this cost exceeding USD $9 million for a data breach in the United States. Adding to the pain, violators of GDPR can be fined up to €20 million, or up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater. 

Next, add in the contribution of mobile threats when it comes to understanding the cost implications of a breach. For starters, in 2022 Lookout reported 30% of personal and enterprise users were exposed to mobile phishing attacks every quarter. When we quantify risk by applying the Factor Analysis of Information Risk (FAIR) model, we estimate that the maximum potential financial impact of a successful mobile phishing attack to an organization of 5,000 employees is almost USD $4 million. 

Adding to the cost of a breach are the potential legal repercussions following the breach of customer information. Not long after VMware Explore 2023 concluded in Las Vegas, MGM Resorts and Caesars Entertainment were breached by a cybercriminal group, Scattered Spider. The group compromises data by targeting users in social engineering attacks directed at user’s phones, stealing credentials, and using them to gain access to systems hosting sensitive data. This breach has now resulted in five class action lawsuits against MGM and Caesars on the grounds that they failed to protect customers in the cyberattack.  

Question 3: How does mobile security protect company data and resources? 

There are a few ways to implement mobile security. The most common way is to integrate an advanced mobile security solution with unified endpoint management (UEM) or mobile device management (MDM). In simple terms, when mobile security is linked with management, security posture information is shared. In our case, VMware Workspace ONE Mobile Threat Defense (powered by Lookout) is integrated with the Workspace ONE platform. When threats are detected, policies can be applied by Workspace ONE Unified Endpoint Management. In the case of a fully managed corporate-owned device, the mobile phone can be remediated.  

For user-owned devices, also known as bring-your-own devices (BYOD), we can use policies to fix issues as allowed, or deliver instructions to the user to fix it on their end. We deliver mobile security via Workspace ONE Intelligent Hub and notifications are delivered through Hub, a tool that many end users already use to access apps for work. End users can rest assured their mobile device is constantly being monitored for the presence of mobile threats, such as phishing, malicious apps, device exploits, and network attacks.  

In conclusion, our conversations with customers covered a lot of ground. The threat environment will always be hostile, and organizations need to focus on improving their mobile security posture today and for the long term. Learn how VMware Workspace ONE Mobile Threat Defense delivers more effective mitigation of today’s mobile threats while empowering your anywhere workforce. See the solution in action in our demo video and view technical content and documentation on the VMware Tech Zone. 

In our fast-paced world, the pursuit of diversity, equity, and inclusion (DEI) isn’t just a moral compass; it’s the compass steering businesses toward a prosperous future. Organizations championing inclusive excellence thrive, while those neglecting it risk being left behind. To truly achieve DEI goals, companies must not only craft equity-driven policies but also seamlessly embed them within their processes and technologies. Enter end-user computing (EUC) solutions, exemplified by the VMware Anywhere Workspace platform, which stand as pivotal tools in cultivating cultures of equity and inclusion. This blog takes a deep dive into the transformative potential of VMware Anywhere Workspace, showcasing how it empowers organizations to reach DEI goals through optimized access, personalized experiences, and the creation of inclusive work environments. 

Inclusion at every threshold 

Anywhere Workspace doesn’t discriminate; it offers equal access to all. The keystone to fostering diversity, equity, and inclusion in the workplace is universal access. With Anywhere Workspace, employees can seamlessly reach their work from their preferred devices and locations, ensuring a level playing field. Regardless of the device, location, or network, employees enjoy the same secure access to work apps and resources as they would within their physical office space. This accessibility not only promotes equity but also taps into a diverse talent pool, catering to the dynamic, distributed workforce of today. 

Tailoring user experiences 

Anywhere Workspace champions personalized user experiences, optimizing productivity. Crafting an inclusive environment hinges on ensuring every employee can work efficiently and effectively. With Anywhere Workspace organizations can prioritize tailored user experiences, adapting to individual preferences, network conditions, and device choices. This flexibility empowers each employee to work in their preferred manner, fostering higher productivity and satisfaction. Recognizing that a one-size-fits-all technology approach cannot accommodate the diverse workforce’s varying needs, our Anywhere Workspace teams strive to offer customization as a bridge to inclusion. 

Fostering collaborative communication 

The Anywhere Workspace communication features foster inclusive team collaboration. In today’s collaborative work landscape, Anywhere Workspace provides email, chat, and video call capabilities crucial for employee synergy. This suite of communication tools caters to diverse needs, ensuring inclusion for all, including differently abled employees. By offering a spectrum of communication features, organizations not only create a collaborative atmosphere but also champion DEI principles. 

Empowering flexibility in work environments 

The VMware Anywhere Workspace platform unlocks the potential of flexible and remote work. The pandemic catalyzed a paradigm shift, requiring organizations to embrace remote work for employee well-being and business continuity. Anywhere Workspace encourages remote and hybrid work, accommodating employees’ preferences to work from home or abroad. This flexibility supports employee retention and well-being while ensuring organizational adaptability. Anywhere Workspace features cater to diverse work styles, backgrounds, and preferences, nurturing an inclusive work environment where every employee feels valued and acknowledged. 

Inclusive excellence as the cornerstone of success 

In summary, inclusive excellence is the bedrock of organizational triumph, and EUC solutions like the VMware Anywhere Workspace platform are its catalysts. Anywhere Workspace solutions — including Workspace ONE and Horizon — advance DEI by providing equitable access, delivering personalized user experiences, facilitating collaborative communication, and empowering flexible remote work. By putting employees’ needs and inclusivity at the forefront, organizations can cultivate an environment that maximizes productivity, elevates employee satisfaction, and fuels business growth. Prioritizing DEI within EUC solutions directly translates into the creation of diverse, inclusive cultures. By embracing DEI principles, organizations embark on a journey toward nurturing an equitable and inclusive workplace culture. 

As someone deeply involved in the world of technology and end-user computing (EUC), it’s always an exciting time when VMware gathers enthusiasts and experts from around the globe to unveil the latest innovations and insights. In August, I had the privilege of being closely aligned to the VMware Explore 2023 event in Las Vegas, and the experience was nothing short of exhilarating. 

My personal highlights and recap from VMware Explore 2023 in Las Vegas 

Central to the event was the focus on Anywhere Workspace. VMware is committed to a seamless, secure, and scalable digital workspace that empowers hybrid workforces. The integration of Horizon and Workspace ONE stood out for me, because together they offer flexibility and control over digital workspaces. Also of note was the Anywhere Workspace “security-first” approach, based on zero trust principles. 

The future of hybrid and multi-cloud solutions was explored, with a focus on maintaining consistency and control. It was great seeing sustainability taking center stage in the general session, as VMware emphasized its commitment to innovation and environmental responsibility. Visit the video library to watch many Explore Las Vegas sessions. Read this overview blog to learn about all the Anywhere Workspace announcements — and for a preview of Barcelona announcements.

A peek into the future: The EUC keynote at VMware Barcelona  

As we look forward to the EUC keynote at VMware Explore 2023 Barcelona this November, you can expect a diverse range of topics to be covered — from the evolution of remote work and cybersecurity to customer success stories. But what truly makes these happenings invaluable is that Explore always features cutting-edge content. Our Las Vegas sessions placed a strong emphasis on AI-driven enhancements and their role in shaping the future of work. It’s a testament to the VMware commitment to innovation and ability to adapt to the ever-changing EUC landscape.  

With each Explore, I’ve walked away not only with a deeper understanding of the subject but also with a sense of excitement for what lies ahead in this dynamic field. The Las Vegas event left me optimistic about the future of end-user computing. Barcelona promises to be a glimpse into how VMware envisions technology shaping the workplaces of tomorrow. 

Register now to join us at Explore Barcelona to learn more about Anywhere Workspace solutions in our Hybrid Workforce sessions. I look forward to seeing you there.

Last week, VMware and Meta announced new details on their partnership to enable virtual reality (VR) devices for business use. At the Meta Connect event, the company announced availability of Quest for Business, a subscription service that enables management of Meta Quest devices using VMware Workspace ONE Unified Endpoint Management (UEM).  

As part of that announcement Mark Zuckerberg stated, “Next month we are launching Meta Quest for Business, which is going to help you bring mixed reality to your organization … this is going to be compatible with VMware Workspace ONE.” 

VMware and Meta have been technology partners since 2019, but last week Meta announced official support for VMware Workspace ONE UEM when Quest for Business is generally available in October.  

Meta Quest for Business enables support for third-party unified endpoint management solutions such as VMware Workspace ONE UEM. Workspace ONE UEM is the market-leading UEM solution used by tens of thousands of organizations globally. 

How do Quest for Business and Workspace ONE UEM work together? 

The combination of Quest for Business and Workspace ONE UEM enables seamless and automated configuration and management of Meta Quest devices.  

A Meta Quest user simply turns on the device, selects Quest for Business setup, enters their user credentials, and the device can be automatically enrolled into Workspace ONE UEM. 

Workspace ONE UEM then automatically configures and secures the device, pushes applications and content to the device, and sets the device up ready for employees to use. IT admins can then manage Meta Quest devices directly from the Workspace ONE UEM console. 

Why official support is so important 

VMware Workspace ONE UEM is one of only three UEM/MDM solutions supported by Meta, and it’s the only supported solution that offers advanced functionality for Meta Quest devices. 

VMware works closely with Meta to ensure compatibility between Workspace ONE UEM and Meta Quest for Business. Customers can have peace of mind that VMware and Meta validate and support their solutions across Meta Quest, Meta Quest for Business, and Workspace ONE UEM. 

XR-specific MDMs are not supported by Meta for Quest for Business. Today XR MDMs are using unsupported methods to enroll Meta devices. They also require configuration of Meta Quest devices by connecting them to a laptop or desktop. Its critical organizations deploy officially supported solutions to minimise risk to their business. In addition, it’s important that businesses use solutions that meet important security compliance standards, such as ISO27001 and SOC 2. 

For customers deploying Meta Quest devices alongside other XR devices, it’s important that those other device vendors officially support your chosen MDM/UEM solution. VMware Workspace ONE UEM is the only solution that is fully supported across the major XR device vendors — giving customers maximum choice of device. 

Workspace ONE is also the only supported solution that offers advanced functionality, such as a custom launcher for all major XR devices and advanced application management. Workspace ONE Launcher is used on AR devices such as Magic Leap, RealWear and Vuzix, while Workspace ONE XR Hub can be used on popular VR devices such as Meta, PICO, and HTC VIVE.  

Workspace ONE UEM also has advanced app deployment functionality — such as conditions, scheduling, compliance, relay servers, a content delivery network (CDN) and single sign-on (SSO) — which is critical to deploying immersive applications. 

Finally, VMware Workspace ONE enables you to manage all your devices — XR and non-XR — from a single console. There’s no need to employ a costly point solution just to manage your XR devices. Today, Workspace ONE UEM is the lowest-cost solution that supports XR devices. 

Setting up Meta Quest for Business with VMware Workspace ONE UEM 

IT admins will need to set up Quest for Business by adding Workspace ONE UEM as a device profile from within the Quest for Business console.  

The device profile allows IT admins to set specific Workspace ONE enrollment parameters. 

IT admins will also need to set up their users with Quest for Business, via an IdP or by creating accounts manually. 

Once setup is complete, end users can easily enroll devices into Workspace ONE UEM during device setup. Learn how in this Tech Zone document.  

Migrating from an unsupported XR MDM to Workspace ONE UEM 

If you are currently managing your VR device fleet with an unsupported XR MDM, you should migrate your devices to Workspace ONE UEM. These are the steps: 

1. Set up Workspace ONE UEM using this Tech Zone guide.

2. Upload any required VR applications or files to Workspace ONE UEM. 

3. If you require an in-headset custom launcher, set up Workspace ONE XR Hub, using this guide.

4. For Meta Quest devices, set up Quest for Business integration with Workspace ONE UEM. 

5. For HTC and Pico devices, create a QR code using Workspace ONE UEM, or for HTC, a QR code generator 

6. Use your existing solution to remotely factory reset your devices. 

7. Your users can now easily enroll a device into Workspace ONE UEM: 

• For Meta Quest users, simply follow in-headset instructions to set up with Quest for Business. Read more here.

• For HTC VIVE Focus 3/XR Elite, scan the HTC QR code at boot. See this documentation.

• For Pico Neo 3 or 4 Enterprise, scan the UEM QR code during set up. See this documentation.

Additional resources 

You can find more information on Quest for Business here. 

You can read instructions on enrolling Quest devices into Workspace ONE UEM here. 

For new VMware customers, it is easy to sign up for Workspace ONE and start using our cloud solution. We offer a free trial to get you started. Find more information here  

Find more information on Workspace ONE UEM here.

Find more information on Workspace ONE XR Hub here.