Introducing AirWatch 9.1.2

The VMware Workspace ONE Team is excited to announce that AirWatch 9.1.2 is now publicly available and available for download in My Workspace ONE.


Software Delivery Notification

SDN # - AW_9.1.2

Release - 9.1


Work Items Addressed

  • AAPP-2796: Added support for features in the latest versions of Apple iOS, macOS, and tvOS to AirWatch.
  • AAPP-2811: Removed a redundant InstallApplication command that the system queued after the application assignment process in the device-based Volume Purchase Program (VPP) process.
  • AAPP-2847: Added support to bulk push notifications in Workspace ONE.
  • AAPP-2995: Enabled the push of the macOS device enrollment program (DEP) agent when admins disable the Await Configuration option in the Device Enrollment Program settings page in the Workspace ONE UEM (AirWatch) Console.
  • AAPP-3016: Seeded script to support Workspace ONE UEM (AirWatch) Console BETA content for the latest versions of Apple iOS, macOS, and tvOS.
  • AAPP-3058: Removed a message warning that an sToken was used in another environment when it was not after admins used the Sync Assets feature for the Volume Purchase Program (VPP).
  • AAPP-3159: Updated Boxer and support for Apple's Volume Purchase Program (VPP) so that admins can save and deploy Boxer as a purchased application along with application configurations and email settings in the Workspace ONE UEM (AirWatch) Console.
  • AAPP-3191: Updated Boxer when it is deployed as a Volume Purchase Program (VPP) application so that AirWatch deploys it as a purchased application to devices along with email configurations and device users do not have to manually enter email settings.
  • AAPP-485: Removed the relationship between the Auto-Lock setting in the Passcode payload from the Grace Period setting in the Security & Privacy payload for macOS devices so that enabling auto-lock and setting a minute value does not change the grace period value.
  • AGGL-1795: Enabled the access of Samsung Knox container devices to resources through the AirWatch Tunnel by ensuring VPN certificates issue and install as expected from the console to devices.
  • AGGL-1944: Enabled the reporting of Android ET1 device locations in the Workspace ONE UEM (AirWatch) Console when admins use location services in the AirWatch Agent for Android.
  • AMST-2811: Changed the registry query key pulled from the AirWatch database from HKU\ to HKU so that Win32 applications install without 404 or 405 errors.
  • AMST-2826: Changed the install status displayed in the Workspace ONE UEM (AirWatch) Console for Win32 applications that fail to uninstall from MDM removed to Failed
  • AMST-3083: Updated the support for BitLocker Encryption for Windows 10 devices in AirWatch by escrowing the BitLocker key immediately to the console to allow access to an AirWatch environment if an environment enters recovery mode for an unforeseen reason.
  • APC-539: Added the display of shared device mode status to the enrollment process in AirWatch to support the AirWatch SDK to manage logging in and out in the simplified enrollment flow.
  • APC-620: Added the option to select Derived Credentials in the Credentials payload for SDK profiles in the Workspace ONE UEM (AirWatch) Console.
  • APC-641: Changed the process for the Sync Bookmark End Point feature in AirWatch Browser that returned a 200 error message.
  • ARES-2980: Enabled the view of the XML of the Credential payload with the Derived Credentials for SDK profiles in AirWatch.
  • ARES-3165: Added the ability to disable the use of a content delivery network (CDN) at a specified organization group to the Workspace ONE UEM (AirWatch) Console to help when staging devices before enrollment so that internal applications do not fail to install after enrollment.
  • CMCM-187181: Stopped the duplication of user repositories when end-users sync content in Content Locker by resolving an issue with parsing the hostname.  
  • CMEM-183705: Support added for configuring V2 SEG at Container organization groups (OGs) that reside beneath a Customer OG with REST.
  • CMEM-183718: Ensures authentication keys are generated for securing AW to SEG communication on SEG service startup.
  • CMEM-183735: Resolves an issue where the V2 SEG does not return 401 to device on OPTIONS when the request has a body.
  • CMEM-183744: Resolves Kerberos Authentication instabilities on the Classic SEG.
  • CMSVC-2804: Reduced the time it takes to ping the AirWatch Cloud Connector (ACC) in shared SaaS environments when the ACC or Active Directory are configured incorrectly, so that admins can address configurations immediately instead of waiting for a ping that times out after 2 minutes ending in a failed sync.
  • CMSVC-2826: Updated the register-device process for Workspace ONE in container mode when it shares the HMAC and single sign on session with AirWatch Browser when the system has an application-level record from Browser that causes a failure to register with Workspace ONE or causes applications to fail to install from Workspace ONE.
  • CMSVC-2853: Updated application compliance functionality in AirWatch so that the system does not tag devices as non-compliant when admins have not assigned them to a whitelisted app group but have assigned a whitelist compliance policy.
  • CMSVC-2866: Removed a conflict between whitelisted app groups, required applications, and application compliance policies in AirWatch so that the system allows required applications and whitelisted applications and does not mark devices that have required applications non-compliant.
  • CMSVC-2963: Updated the adaptive enrollment process for Android devices in a specific AirWatch environment to enable devices in container mode to install manage applications as part of adaptive enrollment.
  • CRSVC-1669: Added new certificate templates, mobile single sign on authentication (iOS), and certificate authentication (macOS and Windows 10) to integrate with VMware Identity Manager.
  • CRSVC-1824: Updated the open source license for AirWatch Cloud Connector in the latest version of AirWatch.
  • CRSVC-2031: Reduced the times the application request handler fetches content delivery network settings system code so that it fetches system code upon the first invocation and then, returns retrieved settings for subsequent invocations in the AirWatch system.
  • CRSVC-845: Rotated AirWatch API root certificates.
  • FBI-177537: Updated the Application Details by Device report subscription so that admins can access the report without error and edit the report.
  • FCA-182400: Aligned the 'less-than' symbol in the user interface of the Add Compliance Policy wizard in the Workspace ONE UEM (AirWatch) Console.
  • FCA-182653: Enabled access to the AirWatch Self Service Portal (SSP) for a specific environment when access was lost after that AirWatch environment upgraded.
  • FCA-182817: Added a way to track the number of page views for the mobile console to determine how much it is used and if it is beneficial for an AirWatch admin's experience.
  • FCA-183057: Upgraded the Workspace ONE UEM (AirWatch) Console to Bing Maps V8 Control and to Bing Maps REST Services.
  • FCA-183124: Updated the Device Details page in the Workspace ONE UEM (AirWatch) Console to ensure that the Location tab displays.
  • FCA-183125: Removed the FIPS migration page from the Workspace ONE UEM (AirWatch) Console because it made certificates unreachable due to encrypting all passwords in the database. 
  • FDB-856: Updated the AdminGroup_Delete database table in the AirWatch database to allow the deletion of groups when AirWatch deployments use Active Directory and VMware Identity Manager.
  • FDB-901: Removed the ability to update an existing admin account with the same username as another admin account in the Workspace ONE UEM (AirWatch) Console.
  • FDB-908: Updated the Hub in the Workspace ONE UEM (AirWatch) Console so that the graphs for Devices with Blacklisted Apps and Devices Without Required Apps display data from applicable organization groups.
  • INTEL-1581: Made user interface improvements to the Custom Reports functionality in AirWatch.
  • INTEL-1815: Updated the user interface by making the sync status page for analytics inaccessible.
  • PPAT-1988: Reduced the time that a request to download applications arrives at the Workspace ONE UEM (AirWatch) Console to prevent application download timeouts when using the per app VPN.
  • PPAT-2091: Added an ‘Always On' setting in the VPN option in AirWatch Tunnel profiles in the console.
  • RUGG-2483: Added APIs that create profiles and that update those profiles for Windows Mobile devices.
  • RUGG-2695: Updated the export API in AirWatch to encrypt the output information and the Wi-Fi password so that they do not display as plain text.
  • RUGG-2698: Added an admin mode for Launcher for Android that admins can activate while troubleshooting to keep the admin passcode secure and then deactivate to return to normal mode. This new mode removes the need to change the admin passcode for Launcher after troubleshooting.
  • RUGG-2716: Updated the process of provisioning internal applications with AirWatch POST APIs so that the system does not send a remove-application-command when admins update an application version. The system displays both versions in the Staging & Provisioning area of the console and the previous application version remains installed on devices.
  • RUGG-2879: Updated the MaintainFileAction API so that it saves manifest steps in the configured order and updated the associated stored procedure so that it returns lists of actions in order.
  • SINST-174353: Added a patch installer utility for custom packages in AirWatch.
  • SINST-174369: Updated the AirWatch Installer to take DNS names that start with numbers.
  • SINST-174388: Updated the VMware Identity Manager Installer for Windows to allow customization of the database connection.
  • WPCAGNT-184027: Added the latest AirWatch Agent for Win32 to AirWatch.


Installation Procedure

Use the following step-by-step instructions to apply a feature pack or other patch to your version of AirWatch.

Important: Contact AirWatch if your SEG is on the same server as your Workspace ONE UEM (AirWatch) Console or Device Services servers for instructions on how to proceed.

  1. Consider retaining *.exe installation files in case there are issues.
  2. Stop all the AirWatch services and websites on Workspace ONE UEM (AirWatch) Console and Device Services servers.
  3. Back up your AirWatch Application Servers and AirWatch Database.
  4. Obtain the AirWatch_Application_9.1._FPXX_Install.exe and AirWatch_Database_9.1_FPXX_Setup.exe files from AirWatch Resources ( These are the full installer files, which you run on your servers to apply the upgrade.
  5. Execute the AirWatch_Application_9.1_FPXX_Install.exe by right-clicking and running as administrator on each Console and Device Services server up until the point where all application servers state "IIS and all services are now stopped. Please upgrade your AirWatch database using the provided script", then immediately proceed to the next step.
  6. Run the AirWatch_Database_9.1_FPXX_Setup.exe executable on the AirWatch database server.
  7. Finish running the installers on each Console and Device Services server.
Have more questions? Submit a request


Article is closed for comments.