What's new in Ivanti® Endpoint Manager and Endpoint Security for Endpoint Manager
Ivanti® Endpoint Manager and Endpoint Security for Endpoint Manager has switched to an annual release schedule. This new schedule consists of a major yearly release, and then ongoing cumulative service updates for that release that may contain new features.
Not all updates in a release require documentation changes. For a complete list of updates, refer to the release's Ivanti Community readme.
- Initial release readme (Ivanti Community)
- Windows Remote Desktop Protocol (RDP) session support. If multiple RDP sessions are available on a device, you can now pick the session you want to connect to.
- New agent deployment wizard in the unmanaged device discovery tool. After discovering devices, you can use this new wizard to easily deploy agents.
- Software license monitoring no longer uses Microsoft's Silverlight platform, which is approaching end-of-life. We migrated it to Windows Presentation Foundation. You may notice minor appearance differences, but the product works the same way it used to.
- Initial release readme (Ivanti Community)
- BitLocker key recovery. BitLocker recovery key IDs and recovery keys are now collected by the inventory scanner.
- Factory reset for macOS devices. Remotely factory reset a macOS device and require a PIN to unlock it.
Version 2020.1 service updates
Service update documentation changes:
- Service update 1 readme (Ivanti Community)
- New MDM navigation. Tools > Modern Device Management > MDM Configurations has been redesigned to provide a better MDM experience, making it clear which configurations you need to manage your devices and providing more contextual guidance for each configuration option.
- APNs wizard. The new APNs wizard simplifies the APNs experience by handling all communications with Ivanti's signing service, so you only need to leave the console interface to interact with Apple's APNs token portal.
- Activation lock for Apple devices. Enable activation lock to secure your MDM managed iOS, iPadOS, and macOS devices in case they are lost or stolen.
- Windows MDM deep link enrollment. After clicking an MDM enrollment deep link, device users are taken to the built-in Windows enrollment app where they enter their corporate credentials to enroll.
- Windows MDM group policy enrollment. Creating a group policy will automatically enroll all devices that are hybrid-joined to Azure AD.
- New MDM agent settings. New settings payloads have been added to the configuration profile editor for macOS configurations, macOS device configurations, and Windows configurations.
- Improved Android Enterprise account creation. The new account creation process has improved security by authenticating with the Ivanti licensing identity server. Internet Explorer is no longer required, and you do not have to adjust your browser security settings to complete the process.
- Patch Automation. A new tool that helps you simplify and automate monthly patch campaigns.
- Windows 10 reboot notifications. New support for Windows Action Center reboot notifications and custom reboot notification rebranding.
- Remote control full screen and Alt+Tab passthrough. The HTML 5 remote control viewer now supports these features.
- Service update 2 readme (Ivanti Community)
- iOS enrollment codes. Enrollment codes are a new way to enroll iOS devices with less manual information input on the device. This method is useful for enrollment performed by the device user and bulk enrollment.
- Rooted device detection. Identify if any enrolled Android Enterprise devices have been rooted.
- Android serial number reporting. View the serial numbers for Android Enterprise devices in the Network View.
Expanded Windows 10 notifications. Notifications in the Windows 10 Action Center are now available for software distribution, remote control, and reboot settings. Custom branding has also been centralized, making it even easier to configure and preview!
Linux agent CSA support. Linux agents can now communicate through the Cloud Services Appliance (CSA). This allows for off-network support of these devices, including getting inventory and patch information through the CSA similar to the way Windows and macOS work today.
Office 365 patching improvements. Added support for Office 365 patch downloads over HTTP. Earlier versions only supported downloads from a UNC share that wasn't available if the device wasn't on the same network as the core server.
- Service update 3 readme (Ivanti Community)
- Tutorials. Quickly learn how to use important Endpoint Manager features with our new video tutorials covering agent deployment, remote control, patch management, software distribution, modern device management, and provisioning.
- Azure Active Directory for Apple MDM. Added support for macOS and iOS Active Directory MDM enrollment using on-boarding accounts.
- iOS/iPadOS application portal. Curate a catalog of applications to make available to iOS and iPadOS devices managed through Endpoint Manager MDM.
- Mac MDM enrollment URLs. Enroll Mac devices in MDM using enrollment URLs.
- Rename Apple devices. Rename MDM managed Apple devices from the Management Console. The new name will show in the network view and in the device's about information.
- Remote control session recording. Record remote control sessions and save them to an Amazon S3 bucket.
- Download patch content directly from vendors. Save VPN bandwidth by having clients download patches from vendors when possible.
- MSIX application support. You can now install windows .msix and .msixbundle applications.
- Email alerting enhancements. Configuration has been enhanced to allow automatic TLS/SSL protocol detection and manual port configuration.
- Initial release readme (Ivanti Community).
- Agentless remote control. Self-contained remote control agent application for Windows and macOS devices.
- Standalone remote control viewer. Self-contained remote control viewer application for administrators and helpdesk personnel.
- Patch impact analysis. Analyze the impact of patches on your environment before you deploy them.
- Patch definition filtering. Helps you easily define what you want to patch in your environment.
- CVE to patch. Import a .csv formatted list of CVEs and automatically map them to patch data.
- Endpoint Security agent settings interface simplification. It's now easier to configure Endpoint Security agent settings.
- Software distribution Windows action improvements. More supported Windows actions with enhanced reboot and logging support.
- Core sync security improvements. Core sync now uses certificates and trust relationships between core servers. When upgrading to 2019.1, you must configure these items for core sync to work.
- Client cache retention customization. You can now customize distribution and patch cache retention for packages and patches. This customization overrides the default global cache retention settings.
- Privilege management. Integration with the Ivanti Application Control product so you can deploy Application Control configurations using Enpoint Manager.
- New MDM payloads. New settings payloads have been added to the configuration profile editor for macOS configurations, macOS device configurations, mobile compliance, iOS configurations, tvOS configurations, and Windows configurations.
- New Apple mobile device commands. Send commands to Apple mobile devices to restart, shutdown, or enable lost mode on a device. These commands can be sent by right-clicking on a device in the inventory or through the diagnostics tool.
Version 2019.1 service updates
Service update documentation changes:
- Service update 2 readme (Ivanti Community).
- Reported patches security activiy view. This new feature analyzes and summarizes how successful your Windows patch deployments have been.
- Ivanti Antivirus 2017 Real-time protection tab. Use this new tab to configure real-time protection options.
- New remote control authentication option. There's a new Windows NT security server authenticated remote control option. This is similar to the existing Windows NT security/local template option but is more secure.
- Windows action continue on failure option. When configuring software distribution Windows actions, you can now select a Continue on failure option for each step. This allows an action package to complete successfully even if an action in it can't complete.
- Privilege management agent deployment options. You can now maintain and deploy multiple privilege management agent versions.
- Service update 3 readme (Ivanti Community).
- Android Enterprise fully managed device mode. Android Enterprise fully managed device mode offers extensive control over device policies, settings, and applications for your company owned devices.
- Android Enterprise kiosk device mode. Kiosk mode is for devices intended for a single use or an extremely limited scope of use. Kiosk mode (also known as dedicated device mode) locks fully managed devices to a single app or set of apps.
- Wi-Fi settings for mobile Android configurations. When configuring agent settings for Android devices, you can create a Wi-Fi payload to define how devices connect to your network.
- CrowdStrike security activity view. This new feature helps you identify devices that don't have a CrowdStrike agent installed. In a single place view CrowdStrike agent status and agent details from both CrowdStrike and the Ivanti inventory scanner.
- Software distribution cloud storage. Store your software distribution packages on Amazon S3 or Azure blob storage for deployment anywhere in the world. Use this alongside or in place of your existing preferred servers.