What's new in Ivanti® Endpoint Manager and Endpoint Security for Endpoint Manager
Ivanti® Endpoint Manager and Endpoint Security for Endpoint Manager has switched to an annual release schedule. This new schedule consists of a major yearly release, and then ongoing cumulative service updates for that release that may contain new features.
Not all updates in a release require documentation changes. For a complete list of updates, refer to the release's Ivanti Community readme.
Version 2020.1
- Initial release readme (Ivanti Community)
- BitLocker key recovery. BitLocker recovery key IDs and recovery keys are now collected by the inventory scanner.
- Factory reset for macOS devices. Remotely factory reset a macOS device and require a PIN to unlock it.
Version 2020.1 service updates
Service update documentation changes:

- Service update 1 readme (Ivanti Community)
- New MDM navigation. Tools > Modern Device Management > MDM Configurations has been redesigned to provide a better MDM experience, making it clear which configurations you need to manage your devices and providing more contextual guidance for each configuration option.
- APNs wizard. The new APNs wizard simplifies the APNs experience by handling all communications with Ivanti's signing service, so you only need to leave the console interface to interact with Apple's APNs token portal.
- Activation lock for Apple devices. Enable activation lock to secure your MDM managed iOS, iPadOS, and macOS devices in case they are lost or stolen.
- Windows MDM deep link enrollment. After clicking an MDM enrollment deep link, device users are taken to the built-in Windows enrollment app where they enter their corporate credentials to enroll.
- Windows MDM group policy enrollment. Creating a group policy will automatically enroll all devices that are hybrid-joined to Azure AD.
- New MDM agent settings. New settings payloads have been added to the configuration profile editor for macOS configurations, macOS device configurations, and Windows configurations.
- Improved Android Enterprise account creation. The new account creation process has improved security by authenticating with the Ivanti licensing identity server. Internet Explorer is no longer required, and you do not have to adjust your browser security settings to complete the process.
- Patch Automation. A new tool that helps you simplify and automate monthly patch campaigns.
- Windows 10 reboot notifications. New support for Windows Action Center reboot notifications and custom reboot notification rebranding.
- Remote control full screen and Alt+Tab passthrough. The HTML 5 remote control viewer now supports these features.

- Service update 2 readme (Ivanti Community)
- iOS enrollment codes. Enrollment codes are a new way to enroll iOS devices with less manual information input on the device. This method is useful for enrollment performed by the device user and bulk enrollment.
- Rooted device detection. Identify if any enrolled Android Enterprise devices have been rooted.
- Android serial number reporting. View the serial numbers for Android Enterprise devices in the Network View.
-
Expanded Windows 10 notifications. Notifications in the Windows 10 Action Center are now available for software distribution, remote control, and reboot settings. Custom branding has also been centralized, making it even easier to configure and preview!
-
Linux agent CSA support. Linux agents can now communicate through the Cloud Services Appliance (CSA). This allows for off-network support of these devices, including getting inventory and patch information through the CSA similar to the way Windows and macOS work today.
Office 365 patching improvements. Added support for Office 365 patch downloads over HTTP. Earlier versions only supported downloads from a UNC share that wasn't available if the device wasn't on the same network as the core server.

- Service update 3 readme (Ivanti Community)
- Tutorials. Quickly learn how to use important Endpoint Manager features with our new video tutorials covering agent deployment, remote control, patch management, software distribution, modern device management, and provisioning.
- Azure Active Directory for Apple MDM. Added support for macOS and iOS Active Directory MDM enrollment using on-boarding accounts.
- iOS/iPadOS application portal. Curate a catalog of applications to make available to iOS and iPadOS devices managed through Endpoint Manager MDM.
- Mac MDM enrollment URLs. Enroll Mac devices in MDM using enrollment URLs.
- Rename Apple devices. Rename MDM managed Apple devices from the Management Console. The new name will show in the network view and in the device's about information.
- Remote control session recording. Record remote control sessions and save them to an Amazon S3 bucket.
- Download patch content directly from vendors. Save VPN bandwidth by having clients download patches from vendors when possible.
- MSIX application support. You can now install windows .msix and .msixbundle applications.
- Email alerting enhancements. Configuration has been enhanced to allow automatic TLS/SSL protocol detection and manual port configuration.
Version 2019.1
- Initial release readme (Ivanti Community).
- Agentless remote control. Self-contained remote control agent application for Windows and macOS devices.
- Standalone remote control viewer. Self-contained remote control viewer application for administrators and helpdesk personnel.
- Patch impact analysis. Analyze the impact of patches on your environment before you deploy them.
- Patch definition filtering. Helps you easily define what you want to patch in your environment.
- CVE to patch. Import a .csv formatted list of CVEs and automatically map them to patch data.
- Endpoint Security agent settings interface simplification. It's now easier to configure Endpoint Security agent settings.
- Software distribution Windows action improvements. More supported Windows actions with enhanced reboot and logging support.
- Core sync security improvements. Core sync now uses certificates and trust relationships between core servers. When upgrading to 2019.1, you must configure these items for core sync to work.
- Client cache retention customization. You can now customize distribution and patch cache retention for packages and patches. This customization overrides the default global cache retention settings.
- Privilege management. Integration with the Ivanti Application Control product so you can deploy Application Control configurations using Enpoint Manager.
- New MDM payloads. New settings payloads have been added to the configuration profile editor for macOS configurations, macOS device configurations, mobile compliance, iOS configurations, tvOS configurations, and Windows configurations.
- New Apple mobile device commands. Send commands to Apple mobile devices to restart, shutdown, or enable lost mode on a device. These commands can be sent by right-clicking on a device in the inventory or through the diagnostics tool.
Version 2019.1 service updates
Service update documentation changes:

- Service update 1 readme (Ivanti Community).
- Android Enterprise work profile management. Use Android Enterprise work profiles to manage settings and apps on devices, perform device actions from the console, and secure and separate corporate data from personal data.

- Service update 2 readme (Ivanti Community).
- Reported patches security activiy view. This new feature analyzes and summarizes how successful your Windows patch deployments have been.
- Ivanti Antivirus 2017 Real-time protection tab. Use this new tab to configure real-time protection options.
- New remote control authentication option. There's a new Windows NT security server authenticated remote control option. This is similar to the existing Windows NT security/local template option but is more secure.
- Windows action continue on failure option. When configuring software distribution Windows actions, you can now select a Continue on failure option for each step. This allows an action package to complete successfully even if an action in it can't complete.
- Privilege management agent deployment options. You can now maintain and deploy multiple privilege management agent versions.

- Service update 3 readme (Ivanti Community).
- Android Enterprise fully managed device mode. Android Enterprise fully managed device mode offers extensive control over device policies, settings, and applications for your company owned devices.
- Android Enterprise kiosk device mode. Kiosk mode is for devices intended for a single use or an extremely limited scope of use. Kiosk mode (also known as dedicated device mode) locks fully managed devices to a single app or set of apps.
- Wi-Fi settings for mobile Android configurations. When configuring agent settings for Android devices, you can create a Wi-Fi payload to define how devices connect to your network.
- CrowdStrike security activity view. This new feature helps you identify devices that don't have a CrowdStrike agent installed. In a single place view CrowdStrike agent status and agent details from both CrowdStrike and the Ivanti inventory scanner.
- Software distribution cloud storage. Store your software distribution packages on Amazon S3 or Azure blob storage for deployment anywhere in the world. Use this alongside or in place of your existing preferred servers.

- Service update 4 readme (Ivanti Community).

- Service update 5 readme (Ivanti Community).

- Service update 6 readme (Ivanti Community).
Version 2018.3
- Initial release readme (Ivanti Community).
- Remote Control WS enhancements. You can now use role-based administration, file transfer, and remote file execution with the new remote control engine.
- Custom variable support for Windows actions. You can now add custom variables that can be used in Windows PowerShell package actions.
- Improved Endpoint Security agent setting. Simplifies endpoint security configuration. Many of the options in this agent setting can be configured in other agent settings, but this agent setting gathers important options in one place and helps you configure Endpoint Security by following Ivanti's recommended best practices.
- Patch user feedback. When enabled, this feature installs a special driver on Windows endpoints that monitors file changes and deletions made by patches. Users on endpoints will also have a new "Report broken application" tool that they can use to report problems, helping administrators identify the associated patches and files.
- Windows Autopilot support. You can now automatically enroll Windows 10 devices in MDM by integrating Azure Active Directory and your MDM server.
- MSI software distribution for Windows MDM devices. You can now create MSI software distribution packages for MDM managed Windows devices.
- New packages for distributing the agent to MDM devices. You can now create packages to automatically install the Agent on Windows 10 and macOS devices during MDM enrollment. The same packages can also be used to install the Agent on devices that are already enrolled in MDM.
Version 2018.1
- Initial release readme (Ivanti Community).
- Software distribution enhancements. Added maintenance window and do not disturb support. Added email address targeting (based on Computer.LDAP User.Primary Owner.Email) in tasks.
- Portal Manager enhancements. Now supports full rebranding, including custom fonts, taskbar icon, corporate logo, header background, and application background.
- Diagnostics tool enhancements. Granular RBA rights support. New reboot, shutdown tools. Can now rename Windows computer names.
- New HTML5 Web Sockets remote control. Redesigned higher-performing and more secure remote control.
- Windows CSP support. You can now configure Windows CSPs (Configuration Service Profiles) and deploy them through MDM (Mobile Device Management).