New features summary

• Administrators who modify CE settings now identified as also causing corresponding configuration changes: When administrators modify a certificate enrollment (CE) setting, they cause changes to configurations that use that CE setting. The modification history field now identifies the administrator who made the CE setting change as the administrator who caused the configuration changes. For more information, see Monitoring modifications to certificate enrollment settings.
• Extended expiration renewal window for mutual authentication certificates: The window to renew mutual authentication certificates has increased from 60 to 270 days. For more information, see .

  Event Center templates changes: The $SERVER_IDENT variable was removed from the $DEFAULT_POLICY_VIOLATION_MESSAGE variable and is now part of the Event Center template. Add the $SERVER_IDENT variable to the template to display server identity in an alert message. The $SERVER_IDENT variable is also a substitution variable in compliance actions. Use of this variable depends on whether the compliance action was updated from version 1 to version 2. For V1 actions, include this variable in the Event Center template or as part of the alert message text in the compliance action. For V2 actions, include this variable only as part of the alert message text in a compliance action.

  For more information, see Adding custom Event Center messages.

• Increase in LDAP Custom Attributes support: Ivanti EPMM now supports a maximum of 20 LDAP Custom Attributes as substitution variables. Further Custom Attributes can only be used to define Labels. To create these custom attributes, go to Core > Go to Services > LDAP > Modify LDAP form. For more information, see Adding custom attributes to users and/or devices.

• New option for Unlock command provided: For Android Enterprises, administrators can set a six digit unlock PIN for specific devices. If this setting is used, "Unlock Device with Custom Pin <Pin Value>" will display in the audit logs.

  For more information, see Setting the unlock PIN for a specific device and Assigning user portal device management roles.

• New Action menu item to sync device compliance status with Azure: Administrators can sync the compliance status only for authorized devices from Ivanti EPMM to Azure. When syncing for non-authenticated / non-related Azure devices, an error message displays listing device names. When the administrator performs a manual sync, a detailed Audit Log is generated for the devices. Applicable to all types of Azure tenants, for example: Standard, GCC_High, and DOD.

  For more information, see Syncing the Device Compliance status of devices.

• Support for independent, customized messages and email subjects for each Compliance Action tier: In previous releases, only one customized message could be sent for all Compliance Action tiers supported in Compliance Policies > Compliance Policy Rule. Starting in this release, administrators have the ability to create and send independent, customized messages and email subject lines for each of the now 20 possible Compliance Action tiers.

  For more information on customized messages and email subject lines for compliance action tiers, see and Custom compliance policies.

• Send device compliance data to multiple Microsoft Office 365 tenants: Administrator can configure device compliance data to be sent to multiple Microsoft Office 365 tenants in standard environments.

  For more information see Connecting Microsoft Azure to Ivanti EPMM.

• New Global Policy to configure apps per label in bulk: Administrators can deploy an app to different kinds of users using different settings (silent install, auto-update, mandatory, etc.) for different labels. Administrators can create one policy to configure one or multiple apps at the same time. After setting a basic global policy, administrators can edit all the settings for each label assigned to the app. When viewing and editing the per-label settings, administrators can set the app to default to the global setting so only the settings that are different for that label need to be changed. For more information, see Global App Config Settings policy.
• New Force Retire Option: Usually, when you issue a Retire command for a device, it is moved to a Retired state and is considered "Retire Pending." Sometimes the devices remain in the Retire Pending state. Core offers a Force Retire check box to make sure the device is Retired. You can also schedule the retirement of Retire Pending devices.

  Go to Settings > Users and Devices > Retire and Delete. In the retire devices section, there are settings that allow you to retire the retire pending devices, based on the last check-in time, with on-demand actions and scheduled action.

  For more information, see Retiring a device and Retiring the Retire Pending devices.

• Ability to remove profiles from individual devices: Similar to the Push Profiles option is a new feature that allows administrators to manually Remove Profiles from specific devices. This feature is helpful for troubleshooting specific devices, for example, overriding the default label for that device. For more information, see Pushing device profiles.

• Client ID added to Device Details: For troubleshooting purposes, Client ID has been added to the Device Details page. Administrators can also search for Client ID as well. For more information, see Advanced searching .

• Windows registration configurations enabled upon upgrade: For new Core deployments, Ivanti’s support for Windows device management is available in Core, Ivanti EPM, and Ivanti Neurons for MDM.

This release includes the following new features and enhancements.

Some features for Windows devices are documented but may not be available in your installation.

• Support for Bridge Service Failure Recovery options: In rare cases, the Bridge Service fails without a known reason. In Core 11.6.0.0, Bridge service failure recovery is pre-configured, thus allowing device users to continue using the Bridge Service without any major issues. Applicable to Bridge v 2.1.14.0. The new 2.1.14.0 version of the Bridge application will get imported into the App Catalog for Core 11.6.0.0+. This Bridge version will be pushed to Windows devices as they check in. For more information, see Support for Bridge Server Failure Recovery .

This release includes the following new features and enhancements.

Some features for Windows devices are documented but may not be available in your installation.

• Support for bridging old and new client mutual authentication CA certificates: Previously, updating a Certificate Authority (CA) certificate for client mutual authentication required re-registering all devices currently enrolled under that certification. With this release, you can:

  • Upload and select a new client mutual authentication certificate for devices going forward
  • Retire the previous certificate, while still allow existing devices to check in.

  For more information, see Bridging old and new client mutual authentication CA certificates.

• More context for some audit logs: Previously, audit logs only included information about what was changed. With this release, some logs (configurations, policies, labels, compliance groups, rules and actions) will also include the "before" values as well as the "after". You can view the logs from the Core Logs > Audit Logs page. Logs with before and after values display an icon you can select to see the new information. The new log information is generated for the following actions:

• Create - The "Before" column will be empty.
• Edit or change - Both before and after values display.

• Delete - The "After" column will be empty.

  For more information, see Audit log information.

• New customization options for the self-service user portal (SSP): Three new customization options are available in this release that determine whether or not clients can see a particular part of the SSP:

  1. Hide or display the self-service portal (SSP) Activity page: A new configuration check box has been added to the Settings > System Settings > General > Self-Service Portal page that allows you to choose whether or not to show users their activity in the SSP. This option is enabled by default. When deselected, the SSP Activity page does not display to users. For more information, see Disabling device history logs in the SSP.

  2. Hide or display the Settings option: Previously, the Settings option was always visible to client users from the SSP Action menu (upper-right, under user name). In this release, the administrator has the option to remove the Settings link from the SSP Action menu. Two new check boxes are available from the Settings > System Settings > General > Self-Service Portal page:

     • Show settings for local users - Deselecting this option disables the Settings menu for local users.
     • Show settings for LDAP users - Deselecting this option disables the Settings menu for LDAP users.

  3. Hide or display the QR code and registration URL: A new configuration check box has been added to the Settings > System Settings > Users & Devices > Device Registration page that allows you to choose whether or not to show users a QR code and registration URL. This option is enabled by default. When deselected, the QR code and registration URL do not display to users. For more information, see Disabling the QR code and registration URL.

  For more information, see Disabling options in the SSP.

• Windows registration configurations disabled upon upgrade: For new Core deployments, Ivanti’s support for Windows device management has been transitioned to Core and Ivanti Neurons for MDM.

This release includes the following new features and enhancements.

There are no new features for Windows with this release.