New Features V5.4
A new option Refresh policies is available in the mac agent status bar, which forces the immediate retrieval of the latest policies from the server.
Since the auth token is received using MQTT and by default expires after 1 hour, this pull request might not work if the MQTT communication isn't available for more than 1 hour.
You can specify a different expiration interval for the token in the appsettings.json of SXS Net.
MQTT Broker is used for the communication between MacOS agents and the IDAC Server (SXS).
To reduce the effort of managing an MQTT Broker for test purposes or for small single-server installations, SXS.Net can also host an in-process MQTT Broker without persistence (which is not used as we rely on MQTT for instant messaging, not for payload delivery which goes through REST API).
Instructions to enable the MQTT Broker and manage credentials is given below, in the SXS.Net section at How to use and configure the in-built MQTT component in Ivanti Device & Application Control 5.4 on the Ivanti Community.
Detailed instructions on how to configure the MacOS communication for IDAC can be found at IDAC - Install-Configure Mac OS agent on the Ivanti Community.
The "User Options Report" is now created both as a *.CSV file and as a *.HTML file. You can use the CSV file to a much greater extent to be further processed by third-party software. This means you might be able to create additional reports and have greater visibility based on your company processes.
The *.CSV file is stored in the same location as the *.HTML file and opens with your default application.
For more information about reports, see Using Reports.
Configuration and queries done from the console (SMC) can now be done programmatically/automated, using the Server side SDK delivered with the server installation.
You can use Command line, C, and .Net for scripting, automation, and reporting needs.
This enhancement enables you to create various actions in a fully automated manner. For instance, you could use the SDK to create your reports and/or process them further in third party tools.
For more information about the SDK, see SDK.
Since IDAC 5.3, if you were under-licensed, you received a pop-up notification when starting the SMC.
With IDAC 5.4 you receive a similar notification. However, once your license usage is 7% higher than your license count, you will have 45 days to correct the license usage. After that period, the IDAC client agent without a valid license will be disabled. This means the specific clients won't be protected using IDAC any longer.
Once you are in the range of your official license count, the counter will be disabled.
After the mentioned 45 days, all MacOS agents on an older IDAC client agent version will be disabled.
Enable the system drive encryption using BitLocker directly from within the SMC (Tools > Default Options > Computer)
This enables you to ensure all clients have the BitLocker System Drive Encryption enabled.
Further details around this feature can be found on the Ivanti Community.
To assist and simplify the product installation process (server and client) in an offline environment, we provide all prerequisites needed during the installation process, within a separate compressed file. You can download this file directly from the product download page.
You can copy the file to the client/server where you install the IDAC component to ensure you have all the prerequisites available when needed.
You can use the SADEC Tool (Stand Alone Decryption Tool) to unlock encrypted devices on clients without having the IDAC agent installed.
To allow you to install the tool for example using Ivanti DSM or GPO in an automated way, the MSI file supports the "/qn" parameter to enable silent installation.
Using the parameter allows the installation process to run in the background without disturbing the end user.
For more information about the SADEC, see Stand-Alone Decryption Tool.
You can enable the PowerShell Constrained Language Mode using Ivanti Device & Application Control. This improves the security by limiting the functionality of PowerShell to "day-to-day" tasks as described by Microsoft. Any PowerShell functionality that might be harmful to your environment will be disabled.
Further details are described on the Ivanti Community.
Within the installation media we provide a predefined script that you can use to synchronize Azure AD users as well as user-groups.
Running the script creates a *.json file with all the users and user groups within Azure AD. You can import this *.json file either manually from the console (SMC) or automatically using the IDAC server-side SDK.
After the import you can use those users and user-groups directly within the Console (SMC).
Further details can be found at Importing Domain Members and on the Ivanti Community.
Microsoft Windows Server 2022 is now a supported operating system.
For full details of supported platforms, see the Quick Start guide.