New features summary
These are cumulative release notes. If a release does not appear in this section, then there were no associated new features and enhancements.

- OS Update downloads on Zebra devices: New enhancements have been introduced to define more granular parameters for Zebra OS Updates. The new enhancements introduced in this feature are currently in preview and require a corresponding feature on the R89 version of Ivanti Neurons for MDM. The existing behavior and functionalities will not be impacted for customers who don't participate in this preview.
- Minimum required battery level
- Require the device to be charging
- Minimum required battery level
- Require the device to be charging
- Unbundle Secure Apps Manager (SAM) from the Go app: To reduce the Go app size, the Secure Apps Manager (SAM) app is now downloaded from Ivanti's hosted repository.
- Samsung APIs deprecated: The following features have been deprecated by Samsung as part of API deprecation:
- Certificate Management – Not supported in Samsung devices using Samsung APIs
- Android Encryption Configuration: Deprecated for Samsung devices in Device Admin mode on Android 11
- Exchange Configuration : Deprecated for Samsung devices on Android 9+
- Lockdown & Kiosk: Samsung Knox Standard Configuration : Deprecated for Samsung devices on Android 9 and later versions
- Lockdown and Kiosk: Android Device Admin Mode Configuration: Deprecated for Samsung devices on Android 8 and later versions.
- Minimum Wi-Fi Security Level: On Android 13+ devices, the Minimum Wi-Fi Security Level can be set using one of the following four options:
- No minimum security required
- Personal Network Based Security
- Enterprise EAP Network Based Security
- Enterprise 192 Network Based Security
- Secure Apps Manager(SAM) version update: This release of Go supports SAM 9.4.1.0.
- Controlling the Screen Management Settings: The administrator can now control the following device screen settings in device owner and company-owned device modes:
- Screen brightness mode (Manual or Adaptive)
- Screen brightness level
- Screen off timeout
- Screen rotation
The following enhancements are introduced in this release:
Initiate Download Request - The following two new preconditions are added to initiate the download request:
During Download (new condition added) - Allows the download to continue outside of the specified ‘Download Schedule’: When this option is selected, the download in progress will continue until it is finished. When this option is not selected, the download will be canceled (on the next compliance check).
OS Update Request section - The following two new preconditions are checked before submitting an install request to Zebra:

- Renewed certificate installation: Renewed identity certificates pushed from Ivanti Neurons for MDM now install on Android devices without any administrator intervention.
- Security and Network logging: In the Device Logging configuration, collection of Android security and network logs can now be enabled. When enabled, these logs will be automatically included when the Request Debug Logs device option is selected.
- Modern authentication for shared kiosk login: Shared kiosk login now supports FIDO-based hardware authenticators. This requires Ivanti Neurons for MDM to be integrated with a supported Identity Provider.
Mode |
Supported Android versions |
Device Owner and Device Owner - AOSP |
7,8,9,10,11,12,13 |
Corporate-Owned, Personally Enabled |
8,9,10 |
Profile Owner |
NA |
EPO |
11,12,13 |
Mode |
Supported Android versions |
Device Owner and Device Owner - AOSP |
8,9,10,11,12,13 |
Corporate-Owned, Personally Enabled |
8,9,10 |
Profile Owner |
12,13 |
EPO |
12,13 |

-
RealWear bulk enrollment: Provisioning of RealWear devices to fully managed AOSP mode using a QR code now supports bulk enrollment parameters, such as "server", "user", and "token." This allows for a more effective onboarding process.
-
App restrictions for In-house apps: The administrator can now set app restrictions and allow or deny some permissions for In-house apps on fully managed devices.
-
File Transfer configuration: This new configuration can be used to transfer files to the device and these files can be shared from the Go app to other apps on the same device.
-
Report device battery status to the server: The admin can now get the device battery status so that it can be used for Dashboard Widgets and Dynamic Device Grouping. The following details about the device battery will be available:
- Battery Level
- Battery Health Status
- Battery Charging Status
- Battery Health Percentage
- Battery Manufacturing Date
- Battery Charging Cycles
-
Support to display notifications in Kiosk mode: A Notifications item has been added to the Kiosk Settings menu. Tapping this item directs the user to the notifications area. When Go has a notification to display, it will be available in this notifications area.

- Device Name: When available, devices will now report the device name, which is displayed in the Overview tab. If the user changes the device name, it will be shown after the next device check-in.
- RAM usage: The current, highest, and lowest RAM usage is now reported in the app at Settings > About > Product Details > Memory Usage.
- Support TeamViewer Unattended mode in all fully managed devices: On Android Go 83 devices, TeamViewer works in Unattended mode on all fully managed (DO mode) devices without any manual intervention after the initial setup is complete on the device.
- Support for new scope delegation using EMM DPC: The admin can configure some apps to be granted the following scopes using EMM DPC:
- For Android 10 and 11 - Fully managed
- For Android 12 and later - Fully managed, work profile, and work profile on corporate-owned device
- Modern authentication login procedure for shared kiosk devices: On Android shared kiosk devices, when a user logs in for the first time, the user provides a username and password. For future logins, the username will be stored and next time when the same user tries to log in, the username can be selected from the recent user list without the need to enter a username.
- Android 11 AOSP devices: AOSP devices running Android 11 are now supported.
- Send Provisioning failure client logs to the Cloud server: If the app determines that provisioning is failing, then the failure client logs will be sent to the MobileIron Cloud server.
Scope |
OS limitations |
Supported modes |
Set and Get App Restrictions |
Android 8 and later |
Fully managed, work profile, and work profile on corporate-owned device |
Manage blocking app uninstallation |
Android 8 and later |
Fully managed, work profile, and work profile on corporate-owned device |
Manage Enabling System Apps |
Android 8 and later |
Fully managed, work profile, and work profile on corporate-owned device |
Manage Certificate Selection |
Android 10 and later For grant/revoke certificate key pairs - Android 11 and later |
Fully managed, work profile, and work profile on corporate-owned device |
Manage Retention of Uninstalled Apps |
Android 9 and later |
Fully managed |
MobileIron Private: Install and remove existing packages |
|
Fully managed |
Manage Network Log Collection |
Android 10 and later |
|
Manage Security Log Collection |
Android 12 and later |
Fully managed or work profile on company-owned device |
Manage Installation of Existing apps |
Android 9 and later |
Fully managed and managed device with work profile (profile side) |
The Manage Certificate Selection, Manage Network Log Collection, and Manage Security Log Collection scopes can only be granted to a single app at a time.

-
BLE support for FIDO users: FIDO users can now unlock their desktop on Android using BLE technology in offline mode.
For more information, see "Fast Identity Online (FIDO2) or Zero Sign-on with Access" in the Access Guide.
-
Support for Passcode complexity on Android 12+ devices: On Android 12+ devices using Work Profile and Work Profile on Company-Owned modes, the Passcode complexity has higher priority than Password Quality for Device Passcodes.
-
Granularity for Android devices with Lock Task Mode (LTM): When the LTM option is selected, admins can allow the “Device Settings” app to be available for kiosk settings or other apps that are distributed to the kiosk device when it is in use. This allows some apps to use system services accessed through the settings app of the device. By default, this option is disabled.

-
Support Auto-launch of app on install: The Auto-launch on install option is now available for Public, Private, and In-house apps in the Managed Play App Configuration section.
-
Juniper Junos Pulse VPN configuration: Support for Juniper Junos Pulse VPN configuration withdrawn.
-
Legacy Email+ (non-AE, non-AppConnect) no longer supported: Support for legacy Email+ for Device Admin mode (non-enterprise, non-AppConnect) withdrawn.
-
Support for enrollment-specific identifier: Android 12 devices enrolled as Android enterprise will have a unique enrollment-specific identifier, which will remain stable across factory resets. In the case of employee-owned devices, the enrollment-specific identifier should be used to replace hardware-based identifiers as the UEM solution will not have access to hardware identifiers such as IMEI, Serial Number, and MEID for employee-owned devices.
-
Sensor-related app permissions for Android 12 devices: Sensor-related app permissions can no longer be auto-granted in a work profile or work profile on a corporate-owned device. In addition, for Wi-Fi configurations, users will no longer be asked to enable location services in any mode. However, for MTD, there is no change from the existing behavior, and users are still prompted for location services.