Introducing AirWatch 9.0.2

The VMware AirWatch team is excited to announce that AirWatch 9.0.2 is now publicly available.  

This release is now available for download on myAirWatch.

Software Delivery Notification

SDN # - AW_9.0.2

Release - 9.0

Work Items Addressed

  • AAGNT-178811–Addressed the use of the Content Delivery Network (CDN) integration feature and the inability to install internal applications to Android devices in AirWatch environments with the CDN enabled.
  • AAPP-1664–Updated the integration with Apple Education in AirWatch to address a data-reader exception in the AirWatch database caused by a nested call that was wrapped by a transaction scope when users logged in to the system with a shared device.
  • AAPP-1761–Addressed the clear-passcode option in the Device Details section of the AirWatch Console so that the option pulls the privacy settings set in the applicable organization group (OG) and does not pull the privacy settings from the global OG.
  • AAPP-1932–Updated integration with Apple's Device Enrollment Program (DEP) in the AirWatch Console to address the system making DEP options (fetch and renew) available to configure in a child organization group (OG) when you set the child to inherit configurations from the parent OG.  
  • AAPP-2035–Added seed script to the AirWatch Console to support the latest AirWatch Agent for macOS.
  • AGGL-1041–Added console support to create a Work Security Challenge, to setup a passcode requirement for the work apps. This requires a version of the agent that will be released later and the device needs to be on Android 7.0 or higher.
  • AGGL-1048–Addressed failed device enrollment to the Android for Work system supported in AirWatch so that the system automatically creates a user account with Google upon enrollment when you configure the system to use single-factor authentication for the registration token type in the AirWatch Console.
  • AGGL-1050–Added support for always on VPN, to enable all network traffic from work apps to go through VPN. This requires a version of the agent that will be released later and the device needs to be on Android 7.0 or higher.
  • AGGL-1088–Updated device re-enrollment to AirWatch in a replacement scenario by setting the database to send the old username in the response when a device (same UDID and serial number) re-enrolls instead of responding with a new username.
  • AGGL-1099–Updated the support for Rugged devices in AirWatch so that the system removes custom attributes and tags from a device record when the same Rugged device re-enrolls with a different user and AirWatch does not manage the device in a replacement scenario.
  • AGGL-1114–Updated the support for Freestyle devices in AirWatch so that the system removes custom attributes and tags from a device record when the same Freestyle device re-enrolls in a replacement scenario.
  • AGGL-1125–Added seed script to AirWatch to support the latest version of the Android operating system.
  • AGGL-1185–Updated the DeviceAudit API in AirWatch to set it to use UTC time for its start and end dates rather than using EST for the start date and UTC for the end date.
  • AGGL-1196–Updated the DeviceAudit API to align the status parameter with the other parameters of the API by returning a 404 NOT FOUND response for invalid statuses.
  • AGGL-1208–Updated device events in AirWatch so that the system logs a device event when you add a tag to a device using an API to mirror the same behavior when you add a tag in the console.
  • AGGL-1224–Updated the UnenrollAudit API in AirWatch so that it returns results for serial numbers with more than 20 characters.
  • AGGL-1239–Updated support for Android for Work in AirWatch to address the batch processing service that fails to start after an upgrade to the server, which results in a failure to deploy profiles to devices.
  • AGGL-1259–Updated the support for Android for Work in AirWatch to address the system not refreshing the screen when admins use the import from play option to import an approved public application from the Play Store. Admins did not see the application unless they refreshed the screen.
  • AGGL-730–Added support to search and approve apps in the Play Store for work, from within the AirWatch console. Work apps will now be available in the badged Play Store on the device.
  • AGGL-877–Updated the work-profile tag in the support for Android for Work so that it contains the same restrictions that are in the work-managed tag, which include allow disabling application verification, allow installing applications, allow uninstalling applications, allow non-market app installation, allow NFC, and allow USB debugging.
  • AMST-1329–Updated the workflow for staging devices for enrollment to AirWatch to set the system to look for device registration records in the entire organization group (OG) hierarchy so that a staged device set to enroll in a parent OG but enrolls in a child OG is assigned to the configured parent OG.
  • AMST-1515–Updated Inbox for Windows Desktop that run on Surface models running Windows 8.1 to address updates to the Exchange ActiveSync profile that do not install to Surface devices and are stuck in a Pending Install state in the AirWatch Console.
  • AMST-1677–Updated the Software Distribution feature in AirWatch to extend permissions to enable and disable Application Deployment in the AirWatch Console to AirWatch Admin roles.
  • AMST-1695–Made AirWatch database changes and seeded data to support changes made by Windows patch management.
  • AMST-1710–Updated the Software Distribution feature in AirWatch to set the system to remove application packages off devices no longer entitled to use the application.
  • AMST-1988–Addressed the remove-profile for Inbox for Windows Desktop 8.1 sent from AirWatch but not received by devices.
  • APC-380–Updated the AirWatch SDK to address a server exception with a 500 HTTP status code instead of a 200-Ok message with no body, which is interpreted by applications built with the SDK as device not found and results in an enterprise wipe of the device.
  • APC-405–Updated Boxer and the AirWatch SDK integration so that you can apply the SDK profile to a public application and deploy to Boxer and Boxer receives a configure single-sign on profile.
  • ARES-1700–Addressed an error with the system sending AppConfig parameters to some devices but not others. 
  • CMCM-186820–Addressed repository links not trimming when they end with ASPX when you configure a content repository template in the AirWatch Console which results in an issue when syncing to devices from the repository.
  • CMCM-186855–Updated the default content quota calculation for a specific environment that impacted the import files uploaded by the batch upload process.
  • CMEM-182740–Standardized the way the Secure Email Gateway transforms hyperlinks when a specific messenger app for smartphones prefixes the URL. 
  • CMSVC-1108–Updated the groups functionality in AirWatch to address the removal of users from the console and from the database when you sync an admin group after editing the group.
  • CMSVC-1135–Addressed the conversion of legacy application assignments to smart groups that sticks in processing and prevents the UI from displaying the option to convert to smart group assignment.
  • CMSVC-1269–Updated whitelists in AirWatch so that an admin can configure Android anywhere in the model list (specifically the final model) in a whitelist restriction and Android 4.0.1+ devices can successfully enroll with AirWatch.
  • CMSVC-1313–Updated the messaging functionality in AirWatch to address custom HTML message templates that are corrupted when the system sends them to devices for enrollment after admins edit device IMEIs.
  • CMSVC-1339–Updated a process-request method in the database to address the system failing   to verify whitelisted devices in a pre-registered device with an IMEI and token enrollment scenario which resulted in some devices not completing enrollment.
  • CMSVC-1379–Updated the user management functionality in AirWatch to address the wrong value for the other LDAP option in directory services which results in the incorrect syncing of user groups and directory services that are not Active Directory.
  • CMSVC-1409–Addressed conflicting OEM names listed in an enrollment restriction for a specific Android tablet model so that the tablet can enroll with AirWatch.
  • CMSVC-1478–Updated the stored procedure for EULA acceptance that called the enrollment ID, device ID, and organization group instead of just the device ID, which, in a staging scenario, resulted in excessive (thousands) responses to device services when a single user was assigned hundreds of devices.
  • CMSVC-1517–Updated the Workspace ONE EULA in the AirWatch Console.
  • CMSVC-1587–Updated smart group functionality in AirWatch so you can move a device to another organization group using a special application or manually, and the new organization group and assigned smart group align in the AirWatch Console.
  • CRSVC-1017–Updated the way the system edits passwords for certificate authorities in the AirWatch Console so that the system displays the show password option only upon the initial creation of the password preventing anyone from getting a password for a previously created certificate authority.
  • CRSVC-1022–Updated the Ionic.Zip.Reduced version in the AirWatch Cloud Connector (ACC) so that the ACC automatically updates to the latest version when you upgrade to AirWatch 9.0+.
  • CRSVC-1061–Removed the display of the confirm password option on the configure certificate authorities page in AirWatch so that the page only displays the server URL and upload options.
  • CRSVC-1203–Addressed the unnecessary display of a confirm password option after uploading certificates on the certificate authorities settings page in
  • CRSVC-225–Updated the certificates functionality in AirWatch to remove dummy certificates from the device services server after the new key generates for the corresponding certificate.
  • CRSVC-757–Updated a staged-SMIME-certificate table in the AirWatch database that was not updating S/MIME certificates re-uploaded to the console by API, which caused a scheduler job to delete S/MIME certificates early.
  • CRSVC-860–Increased the allowed characters for event log data in AirWatch from 50 to 255.
  • CRSVC-880–Added the option to publish private key when an admin creates a new certificate authority with Entrust in the AirWatch Console.
  • CRSVC-886–Updated the create-organization-group API to return a 400 message when you create an organization group that is already in use in the AirWatch with the API.
  • CRSVC-887–Updated the delete-device API to return a 404 message when you delete an invalid device from AirWatch with the API.
  • CRSVC-899–Addressed the pre-compile process for some pages in AirWatch to ensure that the process includes all files in the build and that AirWatch installs.
  • CRSVC-944–Updated the certificate authority functionality in AirWatch so that the console displays advanced options for static challenge types for NDES certificate authority versions.
  • ENS-153–Updated the email notification service (ENS) in AirWatch to address the failure of the ENS auto discovery for batches of more than 90 users.
  • FBI-177159–Bypassed the SQL Server Reporting Services from the AirWatch Console for popular reports so that the system does not call as many database stored procedures and generates popular reports more efficiently.
  • FBI-177357–Updated UI options on the reports information page in the AirWatch Console, which includes removing the Beta Version option and listing new reports.
  • FCA-180111–Added more assistance to admins with setup and connection in the getting started process of the Workspace ONE app.
  • FCA-180537–Updated the managed device wipe protection function in AirWatch so that the system performs a device wipe from the device details page on the number configured for protection and no more.
  • FCA-181361–Added support in AirWatch Express for Apple Programs like the Device Enrollment Program and the Volume Purchase Program.
  • FCA-181455–Updated the performance in an internal AirWatch test environment so that it can handle organization group (OG) hierarchies with more than 90 thousand OGs and to prevent the organization group function from locking.
  • FCA-181734–Updated the getting started functionality in AirWatch and Workspace ONE so that you can configure Boxer for secure email for Windows devices and the system deploys Boxer for Windows to the catalog on devices.
  • FCA-181736–Addressed a link that should go to the public application list view in Workspace ONE from the summary page after configuring Workspace ONE productivity options but navigates to an erroneous URL.
  • FDB-603–Addressed a stored procedure for the provisioning feature in AirWatch that experienced a SQL query time out and caused errors on the Product List View page.
  • FDB-651–Disabled a lock procedure in an interrogator.scheduler table in the AirWatch database to prevent deadlocks.
  • FDB-689–Addressed a timeout in a stored procedure for provisioning in the AirWatch database.
  • FDB-692–Updated code in a stored procedure that saves system samples to address a deadlock in the AirWatch database that caused performance issues.
  • FSEC-182572–Updated the internal application functionality in AirWatch to address save failures caused by MIME sniffing not returning images/PNGs and in turn causing an invalid file type error message.
  • FSEC-182634–Strengthened tamper detection on CAPTCHA element.
  • INTEL-513–Collected usage statistics reported by customers on page usage in the AirWatch Console as the first phase of the User Experience Improvement Program (UEIP).
  • INTEL-727–Updated the AirWatch Installer to configure the installer to know if the AirWatch installation is for testing or for production and to point the web.config file to the correct endpoint.
  • INTEL-798–Updated the AirWatch installer to ensure that the web.config for production environments sends data to production endpoints and that the web.config for testing environments sends data to testing endpoints.
  • PPAT-1207–Added support for Windows domains in the Tunnel with the ability to configure domains when admins create VPN profiles and that the Tunnel client can retrieve those domains and allows DNS and TCP traffic.
  • PPAT-1277–Updated a receive buffer that receives data from the AirWatch Cloud Messenger (AWCM) to stabilize the process so that the AWCM module receives data from the AWCM host.
  • RUGG-1061–Updated the remote management for Rugged in AirWatch to address the operation of the export certification option for third party remote management in site URLs.
  • RUGG-1079–Updated a null value returned by a stored procedure for printers-server-service-by-ID to address the inability to delete printers. 
  • RUGG-1818–Updated the AirWatch device-audit API so that it returns a 400 or 422 error when a serial number with more than 255 characters returns in the API endpoint.
  • RUGG-1903–Updated and removed options in the Wi-Fi profile for Zebra printers in AirWatch.
  • RUGG-440–Updated AirWatch app groups for specific APIs to make them optional.
  • RUGG-642–Updated the verbiage on labels and autocomplete text boxes for Rugged devices in AirWatch.
  • RUGG-719–Updated the product functionality in AirWatch to address a missing list of assigned groups after admins save a manifest.
  • RUGG-773–Updated the Delete REST API for device custom attributes to address a 500-error code.
  • RUGG-786–Added a new file action that applies custom settings for Rugged Android devices in AirWatch.
  • RUGG-964–Added Wi-Fi profiles that include certificates for EAP-TLS for Zebra printers integrated with AirWatch.
  • RUGG-985–Addressed an issue with batch importing on relay servers when using the SFTP protocol in AirWatch.
  • SAWCM-117–Addressed the AirWatch Cloud Connector (ACC) test connection feature in the AirWatch Console and addressed the failure to synchronize user groups in the AirWatch Cloud Messenger (AWCM).
  • SINST-174203–Updated the number of times a Gem Windows service runs by spreading out the service run time between specific hours by updating the system-code-override.
  • SINST-174230–Addressed a missing DLL in AirWatch environments after upgrade, which caused REST API failures.
  • TDOC-1855–Updated the online help to reflect the features for the latest AirWatch version.


Installation Procedure

Use the following step-by-step instructions to apply a feature pack or other patch to your version of AirWatch.

Important: Contact AirWatch if your SEG is on the same server as your AirWatch Admin Console or Device Services servers for instructions on how to proceed.

Consider retaining *.exe installation files in case there are issues.

  1. Stop all the AirWatch services and websites on AirWatch Admin Console and Device Services servers.
  2. Back up your AirWatch Application Servers and AirWatch Database.
  3. Obtain the AirWatch_Application_9.0._FPXX_Install.exe and AirWatch_Database_9.0_FPXX_Setup.exe files from AirWatch Resources ( These are the full installer files, which you run on your servers to apply the upgrade.
  4. Execute the AirWatch_Application_9.0_FPXX_Install.exe by right-clicking and running as administrator on each Console and Device Services server up until the point where all application servers state "IIS and all services are now stopped. Please upgrade your AirWatch database using the provided script", then immediately proceed to the next step.
  5. Run the AirWatch_Database_9.0_FPXX_Setup.exe executable on the AirWatch database server.
  6. Finish running the installers on each Console and Device Services server.
Have more questions? Submit a request


Article is closed for comments.