Workspace ONE UEM 2604: Another feature packed release

We're continuing to innovate and our latest release is an example of our engineering prowess and our mission to help our customers solve problems. Our 2604 release is one of the most expansive in recent memory and build off the momentum from our last release (2602, which you can read about here). But let's dive into what's new!

Windows Server management is now generally available

For years, Windows Server fleets have lived outside the UEM story; managed by separate tools, separate teams, and separate processes. In 2604, that changes. Windows Server management is now generally available in Workspace ONE UEM, bringing server infrastructure into the same management plane as the rest of the endpoint fleet.

Enroll Windows Servers (2016 or later) using Intelligent Hub, and they show up right alongside your desktops with server-specific details like installed roles and features. From there, you can use the tools you already know: ADMX profiles with pre-loaded templates, Baselines for automatic configuration refresh, granular OS patching with scheduling, full app lifecycle management through Enterprise Application Repository, and Freestyle Orchestrator for automation. Remote support carries over too; screen share, file access, and command line, exactly the way it works for desktops. No logged-in user required.

One solution. One console. Desktops and servers, unified.

Learn more here

Vulnerability Defense enters Limited Availability

Finding vulnerabilities is only half the problem. Remediating them quickly at scale, without disrupting users, is where most endpoint security programs stall. In 2604, Workspace ONE Vulnerability Defense enters Limited Availability, bringing a complete assessment-to-remediation workflow directly into the Omnissa platform for Windows endpoints.

The solution integrates Workspace ONE UEM with CrowdStrike Falcon Exposure Management to bridge the gap between vulnerability management, exposure discovery, and remediation. When a CVE or other high-risk asset condition is identified, Workspace ONE UEM automatically maps it to affected endpoints to enable rapid risk-based prioritization. Recommended remediation paths are surfaced directly to the admin in the console, along with pre-configured updates from the Enterprise App Repository. Patches and app updates are delivered through UEM and IT teams can monitor remediation progress. Contact your Omnissa account team to learn more about Vulnerability Defense.

Admin experience and operations innovations

The redesigned UEM console is now generally available

After its limited availability debut in 2602, the redesigned Workspace ONE UEM admin console is now generally available to all customers. Built on a modernized tech stack and shaped by iterative user research and testing, the new experience reorganizes navigation into more logical categories, surfaces the most-used features front and center, and replaces labels that required institutional knowledge with language that's clear at a glance.

Phased deployments now support percentage-based rollout

Phased deployments also made a limited availability debut in 2602 and is now generally available with 2604. Additionally, this release adds a meaningful new capability: admins can now define each phase by a percentage of the target population rather than specifying groups explicitly. This makes it straightforward to rollout deployments in stages (for example, 5%, 20%, 50%, and 100%), validate outcomes at each step, and expand rollout in a controlled manner.

A unified troubleshooting view for device commands and actions

Troubleshooting device actions should not require navigating across multiple views. The 2604 release introduces a unified experience that brings all commands and actions into a single view, with clear status and execution timelines. With full visibility into the lifecycle of every command and action, admins can diagnose issues much faster.

Major updates to Apple management capabilities

To better support our customers, we have accelerated our support for Apple features with 2604. This release includes extensive updates to Apple management capabilities which we will expand upon in an upcoming blog. But here are a few of the highlights:

Enterprise App Repository takes macOS app delivery to scale

Managing macOS apps across large fleets has traditionally demanded heavy admin effort for packaging, versioning, and updates. With 2604, Workspace ONE UEM launches the Enterprise App Repository (EAR) for macOS—a curated catalog of popular applications that streamlines deployment and ongoing management.

Admins can select apps from the repository in the UEM console and deploy them to device groups immediately, with no manual packaging required. Updates are handled automatically, and notifications keep admins informed when new application versions are available. The app repository integrates natively with existing UEM assignment workflows, so deployment happens as it does with any other managed app.

Platform SSO now available at first login — during enrollment

Onboarding a Mac used to mean multiple logins for a user to setup Platform SSO; either a manual IdP login step after enrollment or a separate configuration workflow to bolt on Platform SSO afterward. In 2604, Workspace ONE UEM closes that gap: Platform SSO (PSSO) can now be configured directly within Setup Assistant during Automated Device Enrollment (ADE) for a seamless onboarding experience This feature is released under Limited Availability with 2604.

When a device runs through ADE, users now authenticate with their organization's identity provider and create their first local account — all during initial setup, before the device is handed off. No additional steps, no separate profile push. The result is a cleaner onboarding experience and a stronger security baseline from day one.

Smarter MDM migration: preserve apps through re-enrollment

Migrating devices to Workspace ONE UEM (or re-enrolling at scale from on-prem to SaaS) has historically meant apps getting wiped and reinstalled, adding friction for end users and complexity for IT. In 2604, Workspace ONE UEM introduces granular app preservation during MDM migration for iOS/iPadOS 26+ devices.

A new "App Preservation" toggle in the ADE profile lets admins choose to retain all apps or select specific ones to keep installed through the re-enrollment process. Improved retry logic and detailed event logging give admins visibility into what's happening if something goes wrong.

For organizations managing large-scale migrations, this feature meaningfully reduces user disruption and rollback risk.

Windows management updates

Granular patch management

Granular patch management brings the full Windows Update Catalog right into the Workspace ONE UEM console. Find the exact update you need, assign it to specific devices or your entire fleet, and deploy on your schedule.

On desktops, that means responding to a zero-day in minutes instead of days. On servers, it becomes your complete patching solution: total control over what gets deployed, where, and when. In server environments where one surprise reboot can ripple into real downtime, that precision makes all the difference.

Linux management updates

Ansible joins the Linux configuration toolkit

Enterprise Linux environments often depend on Ansible for configuration management, and in 2604, Workspace ONE UEM brings that capability directly into the Custom Configuration Profile. Ansible is now available alongside Bash, Python, and Puppet as a supported payload type.

Admins can use Ansible playbooks to configure enrolled Linux devices at scale, including support for Ansible Collections and Roles.

SUSE devices now supported for automated patching

The Device Update Profile now extends to SUSE-based Linux devices, including openSUSE, SLED, and SLES. Admins can configure the level and frequency of automatic updates, security and policy-specific update rules and notifications when new major OS versions become available.

Stay current

Release notes for UEM 2604 are available here. For questions or deployment help, connect with the Omnissa community or reach out to your Omnissa account team.