New features summary

This section provides summaries of new features and enhancements available in this release. References to documentation describing these features and enhancements are also provided, when available.

For new features and enhancements provided in previous versions, see the release notes for those versions.

This release includes the following new features and enhancements:

• Content changes for rebranding and distribution: Product documentation has been rebranded to align with Ivanti standards and is now available on the Ivanti documentation website.
  

• Support to manage the enterprise Play Store using enterprise provisioning account only: Google accounts added to a device using the Google Account configuration can now be restricted from managing the enterprise Play Store. For all enterprise modes, this restriction is automatically applied when "Disallow modify accounts" is checked in the corresponding Lockdown & Kiosk: Android Enterprise configuration. This applies only to devices provisioned using a Managed Google Play Account. The installed Google Play application should be version 80970100 or newer.
  
  On Cloud, go to Configurations > Lockdown & Kiosk: Android Enterprise > Work Managed Devices > Disallow Modify Account to enable.
  

• Allow/disallow personal apps for a work profile on company-owned device: Administrators can now control the apps a user is allowed to install in the personal profile.
  On Cloud, go to Configurations > App Control > Android Work Profile on Company Owned Devices to configure.
  

• Support for an enhanced enterprise registration: Device users no longer have to manually launch Go when registering as a work profile on company-owned device. Registration is now prompted during the setup wizard. This also applies when registering a fully-managed device using a QR code, Google Zero Touch, or Knox Mobile Enrollment.
  
  Additionally, the decision to provision as a fully-managed device or a work profile on company-owned device is now based on the configuration distributed by Cloud. The workProfileEnabled flag, used for Zero Touch or Knox Mobile Enrollment, is no longer required and is ignored if specified. In the Provisioner app, the provisioning mode selection is ignored for Go 78 and higher. For more information on Android Enterprise Device Owner / WPCOD mode enrollment flow, see this KB article.
  

  As a result of these enhancements, the enterprise mode flags are no longer available during registration for configuring dynamic groups. If the enterprise provisioning configuration distribution depends on these flags, Cloud will not send provisioning configurations to Android 11 corporate-owned devices, causing a misconfiguration wipe. To avoid this, do not rely on the enterprise flags anymore, and instead update or add additional rules to handle dynamic groups. For more information, see this KB article.
  

• Clear application user data at logout from shared kiosk on Android 9 and above: Administrators can now choose to clear app data when a user logs out of shared kiosk. With this option enabled, all the application data is cleared without any prompts when the user logs out of the kiosk. App data cannot be cleared on certain apps, such as Google Chrome, Android System WebView, and hidden system apps.
  

• Request user permission to enable location services on Android 10 and later:
  For Android 10 or newer versions, on a fully-managed device or fully-managed device with work profile, location services were previously enabled automatically when needed to support Wi-Fi or Mobile Threat Defense Activation configurations. Administrators now have the option to prompt the user for permission to enable location services. If the user denies permission, the Wi-Fi configuration will not be installed and the Mobile Threat Defense feature will have reduced functionality.
  On Cloud, go to Configurations > Privacy, enable "Prompt user to enable location services if Wifi/MTD configuration is pushed (Fully Managed and Work profile for Company Owned Devices)."
  

• Domain substitution for shared device kiosk: Administrators can optionally configure a default domain for shared kiosk login. If a user enters only a username when logging into a shared kiosk device, the configured domain will be automatically appended to the username during login. The new "Use domain substitution" option will appear in Lockdown & Kiosk: Android enterprise configuration for work managed devices when "Enable Shared Device" and "Enable Login" are selected.

  This option checks the username for domain suffix. If the domain suffix is missing, the system automatically appends the domain suffix to the username.
  
  Select Use domain substitution and enter the domain appropriately.
  

• Android 5 deprecated: Devices running any Android version below Android 6.0 will not be able to install Go for Android 78 or newer versions.
  

• Support for Device Owner registration of Android Open Source Project (AOSP) devices: Cloud supports Device Owner registration of Android Open Source Project (AOSP) devices without the need for Google Mobile Services (GMS).
  

• Support to activate Samsung Knox standard license for Work profile mode: With Android 11 and later, Go client users with Samsung devices in Work Profile mode (in employee-owned devices and company-owned devices) will be prompted to activate the Samsung Knox standard license on new registrations.

Mobile Threat Defense features

Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.

Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.