New features summary
These are cumulative release notes. If a release does not appear in this section, then there were no associated new features and enhancements.

- Android 14 support: Ivanti Go now supports Android 14.

- Google account configuration: If a Google account configuration fails to install, the user will be prompted immediately to try again.
- Enhanced Unlock command: Administrators now have the option to specify a specific unlock code, using a minimum of 6 alphanumeric characters. This feature is dependent on a future server upgrade and feature availability on Ivanti Neurons for MDM.
- Enhanced support for non-GMS fully managed devices: The following configurations are now supported:
- Mobile Threat Defense Activation
- Mobile Threat Defense Local Actions
- Anti-phishing Protection
- Partner Device Compliance (Intune)
- Android Shortcut
- Custom (Zebra)
- App Catalog for Android (branding)
- Customize app layout in kiosk mode: Administrators can now group apps within folders in the allowed apps list.

- Enhancements to support app certificate renewal: New enhancements are added to support the automatic renewal of app certificates to maintain client-server communication for continuous enhancements.
- Support to Enter Kiosk and Exit Kiosk in Shared Kiosk: The administrator can now troubleshoot or perform any task on a shared kiosk device and the kiosk user remains logged in without the need to log out of the kiosk completely. Once the administrator finishes troubleshooting the device, Enter Kiosk will return the user back to the kiosk screen directly, without the need to log in again.
- App usage data collection: When App Usage is selected in the Device Logging configuration on Ivanti Neurons for MDM and Force Check-in is performed on a device, the app usage data will be collected after allowing the Enable App Usage Logging permission on the device. The App Usage data will be shared back with Ivanti Neurons for MDM depending on the selected frequency (Daily, Weekly, Monthly, or Yearly). This functionality requires Secure UEM Premium license and corresponding server side functionality.
The data usage cannot be reported on Samsung devices (with Android 9) because of OS limitation.
- Support Password with Ivanti Neurons for MDM in DPC extras: Including a password as part of sending DPC extras to Ivanti Neurons for MDM is supported now. Passing passwords in setup allows administrators to have simplified deployment and is not a recommended security practice.
- Wi-Fi support for TLS: The administrator has options to provide outer-identity and domain when the EAP type is TLS.
- MAC Address Randomization: On Android 13+ devices, MAC Address Randomization options have been added to the Wi-Fi Configuration. It is recommended to not disable randomization on Work Profile devices as Wi-Fi MAC address reported to Ivanti Neurons for MDM will not be the physical MAC being used by the device (to preserve user privacy).
- Branding updates
- The MobileIron Go app has been renamed to Ivanti Go.
- The app name, logo, and other branding info have been updated in the app and on Google Play.

- OS Update downloads on Zebra devices: New enhancements have been introduced to define more granular parameters for Zebra OS Updates. The new enhancements introduced in this feature are currently in preview and require a corresponding feature on the R89 version of Ivanti Neurons for MDM. The existing behavior and functionalities will not be impacted for customers who don't participate in this preview.
- Minimum required battery level
- Require the device to be charging
- Minimum required battery level
- Require the device to be charging
- Unbundle Secure Apps Manager (SAM) from the Go app: To reduce the Go app size, the Secure Apps Manager (SAM) app is now downloaded from Ivanti's hosted repository.
- Samsung APIs deprecated: The following features have been deprecated by Samsung as part of API deprecation:
- Certificate Management – Not supported in Samsung devices using Samsung APIs
- Android Encryption Configuration: Deprecated for Samsung devices in Device Admin mode on Android 11
- Exchange Configuration : Deprecated for Samsung devices on Android 9+
- Lockdown & Kiosk: Samsung Knox Standard Configuration : Deprecated for Samsung devices on Android 9 and later versions
- Lockdown and Kiosk: Android Device Admin Mode Configuration: Deprecated for Samsung devices on Android 8 and later versions.
- Minimum Wi-Fi Security Level: On Android 13+ devices, the Minimum Wi-Fi Security Level can be set using one of the following four options:
- No minimum security required
- Personal Network Based Security
- Enterprise EAP Network Based Security
- Enterprise 192 Network Based Security
- Secure Apps Manager(SAM) version update: This release of Go supports SAM 9.4.1.0.
- Controlling the Screen Management Settings: The administrator can now control the following device screen settings in device owner and company-owned device modes:
- Screen brightness mode (Manual or Adaptive)
- Screen brightness level
- Screen off timeout
- Screen rotation
The following enhancements are introduced in this release:
Initiate Download Request - The following two new preconditions are added to initiate the download request:
During Download (new condition added) - Allows the download to continue outside of the specified ‘Download Schedule’: When this option is selected, the download in progress will continue until it is finished. When this option is not selected, the download will be canceled (on the next compliance check).
OS Update Request section - The following two new preconditions are checked before submitting an install request to Zebra:

- Renewed certificate installation: Renewed identity certificates pushed from Ivanti Neurons for MDM now install on Android devices without any administrator intervention.
- Security and Network logging: In the Device Logging configuration, collection of Android security and network logs can now be enabled. When enabled, these logs will be automatically included when the Request Debug Logs device option is selected.
- Modern authentication for shared kiosk login: Shared kiosk login now supports FIDO-based hardware authenticators. This requires Ivanti Neurons for MDM to be integrated with a supported Identity Provider.
Mode |
Supported Android versions |
Device Owner and Device Owner - AOSP |
7,8,9,10,11,12,13 |
Corporate-Owned, Personally Enabled |
8,9,10 |
Profile Owner |
NA |
EPO |
11,12,13 |
Mode |
Supported Android versions |
Device Owner and Device Owner - AOSP |
8,9,10,11,12,13 |
Corporate-Owned, Personally Enabled |
8,9,10 |
Profile Owner |
12,13 |
EPO |
12,13 |

-
RealWear bulk enrollment: Provisioning of RealWear devices to fully managed AOSP mode using a QR code now supports bulk enrollment parameters, such as "server", "user", and "token." This allows for a more effective onboarding process.
-
App restrictions for In-house apps: The administrator can now set app restrictions and allow or deny some permissions for In-house apps on fully managed devices.
-
File Transfer configuration: This new configuration can be used to transfer files to the device and these files can be shared from the Go app to other apps on the same device.
-
Report device battery status to the server: The admin can now get the device battery status so that it can be used for Dashboard Widgets and Dynamic Device Grouping. The following details about the device battery will be available:
- Battery Level
- Battery Health Status
- Battery Charging Status
- Battery Health Percentage
- Battery Manufacturing Date
- Battery Charging Cycles
-
Support to display notifications in Kiosk mode: A Notifications item has been added to the Kiosk Settings menu. Tapping this item directs the user to the notifications area. When Go has a notification to display, it will be available in this notifications area.

- Device Name: When available, devices will now report the device name, which is displayed in the Overview tab. If the user changes the device name, it will be shown after the next device check-in.
- RAM usage: The current, highest, and lowest RAM usage is now reported in the app at Settings > About > Product Details > Memory Usage.
- Support TeamViewer Unattended mode in all fully managed devices: On Android Go 83 devices, TeamViewer works in Unattended mode on all fully managed (DO mode) devices without any manual intervention after the initial setup is complete on the device.
- Support for new scope delegation using EMM DPC: The admin can configure some apps to be granted the following scopes using EMM DPC:
- For Android 10 and 11 - Fully managed
- For Android 12 and later - Fully managed, work profile, and work profile on corporate-owned device
- Modern authentication login procedure for shared kiosk devices: On Android shared kiosk devices, when a user logs in for the first time, the user provides a username and password. For future logins, the username will be stored and next time when the same user tries to log in, the username can be selected from the recent user list without the need to enter a username.
- Android 11 AOSP devices: AOSP devices running Android 11 are now supported.
- Send Provisioning failure client logs to the Cloud server: If the app determines that provisioning is failing, then the failure client logs will be sent to the MobileIron Cloud server.
Scope |
OS limitations |
Supported modes |
Set and Get App Restrictions |
Android 8 and later |
Fully managed, work profile, and work profile on corporate-owned device |
Manage blocking app uninstallation |
Android 8 and later |
Fully managed, work profile, and work profile on corporate-owned device |
Manage Enabling System Apps |
Android 8 and later |
Fully managed, work profile, and work profile on corporate-owned device |
Manage Certificate Selection |
Android 10 and later For grant/revoke certificate key pairs - Android 11 and later |
Fully managed, work profile, and work profile on corporate-owned device |
Manage Retention of Uninstalled Apps |
Android 9 and later |
Fully managed |
MobileIron Private: Install and remove existing packages |
|
Fully managed |
Manage Network Log Collection |
Android 10 and later |
|
Manage Security Log Collection |
Android 12 and later |
Fully managed or work profile on company-owned device |
Manage Installation of Existing apps |
Android 9 and later |
Fully managed and managed device with work profile (profile side) |
The Manage Certificate Selection, Manage Network Log Collection, and Manage Security Log Collection scopes can only be granted to a single app at a time.

-
BLE support for FIDO users: FIDO users can now unlock their desktop on Android using BLE technology in offline mode.
For more information, see "Fast Identity Online (FIDO2) or Zero Sign-on with Access" in the Access Guide.
-
Support for Passcode complexity on Android 12+ devices: On Android 12+ devices using Work Profile and Work Profile on Company-Owned modes, the Passcode complexity has higher priority than Password Quality for Device Passcodes.
-
Granularity for Android devices with Lock Task Mode (LTM): When the LTM option is selected, admins can allow the “Device Settings” app to be available for kiosk settings or other apps that are distributed to the kiosk device when it is in use. This allows some apps to use system services accessed through the settings app of the device. By default, this option is disabled.

-
Support Auto-launch of app on install: The Auto-launch on install option is now available for Public, Private, and In-house apps in the Managed Play App Configuration section.
-
Juniper Junos Pulse VPN configuration: Support for Juniper Junos Pulse VPN configuration withdrawn.
-
Legacy Email+ (non-AE, non-AppConnect) no longer supported: Support for legacy Email+ for Device Admin mode (non-enterprise, non-AppConnect) withdrawn.
-
Support for enrollment-specific identifier: Android 12 devices enrolled as Android enterprise will have a unique enrollment-specific identifier, which will remain stable across factory resets. In the case of employee-owned devices, the enrollment-specific identifier should be used to replace hardware-based identifiers as the UEM solution will not have access to hardware identifiers such as IMEI, Serial Number, and MEID for employee-owned devices.
-
Sensor-related app permissions for Android 12 devices: Sensor-related app permissions can no longer be auto-granted in a work profile or work profile on a corporate-owned device. In addition, for Wi-Fi configurations, users will no longer be asked to enable location services in any mode. However, for MTD, there is no change from the existing behavior, and users are still prompted for location services.