New features summary

This section provides summaries of new features and enhancements available in this release. References to documentation describing these features and enhancements are also provided, when available. For new features and enhancements provided in previous versions, see the release notes for those versions.

Mobile Threat Defense features

Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.

Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.

iOS, macOS, tvOS

New restrictions added: The Allow Auto Unlock and Allow Finger Print for Unlock restrictions are added to macOS 10.12+ and 10.12.4+, respectively. For more information, see macOS Restrictions.
Managed Apps support extends to macOS Big Sur: The support for managed apps now extends to macOS. Similar to the iOS aps, the macOS apps delivered to company Mac (Big Sur) devices through MDM are managed apps. By default, the apps are installed as unmanaged apps. The administrator can select the "Install as Managed" option in the app configuration to install the app as a managed app. Managed apps are not supported on user enrolled devices. The administrator can also perform the following actions:
- Remove macOS apps from the device
- Automatically remove macOS apps upon unenrollment
- Convert unmanaged macOS apps to managed macOS apps
  
  Only in-house (non MIP apps and non multi-app pkg) and VPP apps are managed on macOS 11+. Public apps are not managed.
New setup modes added for Wi-Fi configuration: New setup modes System and Login Window added to enable Wi-Fi on iOS and macOS devices. For more information, see Wi-Fi.
Silent Registration (for macOS only) option is enabled by default: The Silent Registration (for macOS only) option no longer appears in the Settings (Apple) user interface because it is now enabled by default.
Support to delete one or multiple inactive user accounts: The administrator can delete one or multiple user accounts. This deletes the user account from all the shared iPad devices into which the user was logged. For more information, see the Deleting users from users tab section in Shared iPad for business.
Auto Advance Setup enabled for macOS and tvOS: The Auto Advance Setup mode is now supported on macOS and tvOS. When enabled, the setup assistant automatically advances through the device setup screens to complete the setup steps. Default is set to false. For more information, see Admin > Apple > Device Enrollment.
Support to configure Ethernet on macOS enabled: Payload for configuring Ethernet interface is now supported on macOS. For more information, see Ethernet (macOS).

Android

Enabling Android Enterprise to access Google Play store: Users must now enable Android Enterprise access to Google Play Store to add applications from the Allowed Apps policy and App lists. For more information, see Monitoring and Controlling Allowed Apps and App Catalog.
Allow/disallow personal apps for a work profile on company-owned device: Administrators can now control the apps a user is allowed to install in the personal profile.

On Cloud, go to Configurations > App Control > Android Work Profile on Company Owned Devices to configure. For more information, see App Control Configuration: Control Which Apps Are Installed Per Device.
Support to update apps in High Priority and Postpone modes at the application level: The newly added App Update Mode feature enables the admin to install the latest version of an app once it is available on the Managed Play Store.

Use one of the following modes to update the app to the latest version:
- Default – The admin can install the updated app within 24 hours once the app is available.
- Postpone for 90 days - The admin can postpone the installation up to 90 days.
- High priority - If the user’s device is online, the app will be installed once it is available on the Play Store.
For more information, see "Configuring installation options" in App Configuration section.
Support to clear application user data: Users can now enable or disable the application user data on a Shared Kiosk. With this option enabled, all the application data is automatically cleared without any prompts when the user logs out of the kiosk.
- App data is not cleared for Google Chrome and webview package even if they are added in the application whitelist with clear user data enabled. This is because the Kiosk might crash if app data is cleared for these 2 packages.
- App data is not cleared for System applications for which application launcher is not available (both inside and outside Kiosk).
For more information, see "Work Managed Devices Lockdown Settings" in Lockdown & Kiosk: Android enterprise.
Deprecation of Device admin (DA) mode of managing Android devices in phased manner from Cloud 78 onwards: Any new users with a new tenant created on Cloud 78 will not be able to register any devices (Android 6 and newer) in DA mode. Any new tenants that need to enable DA registration for Android 6 to Android 9 must contact Ivanti Support.

Android 10 and newer devices will continue to be blocked from registering to DA mode.
For existing users (with or without existing DA deployments), there are no changes in terms of managing the existing DA devices (Android 6 to Android 11). However, on upgrading to Cloud 78, any newly registered devices running Android 10+ on existing tenants will also not be allowed to run in DA mode. Such existing tenants would only be able to enroll devices from Android 6 to Android 9 versions in DA mode.

If any users are planning to migrate DA devices from a Core instance to Cloud 78, ensure that Android Enterprise is enabled and at least one system config is distributed to the target set, PO, DO, or COPE before triggering the migration. This step is essential to prevent retiring of devices post migration.

DA registration type	Existing tenant (upgraded to 78)	New 78 tenant (not upgraded)
New DA registration of device with OS >=10	Not Allowed	Not allowed
New DA registration of device with OS < 10	Allowed	Not allowed
Existing DA devices with OS >= 10	Will remain active	NA
Existing DA devices with OS < 10	Will remain active	NA
Migrated DA devices with OS >= 10	Will Retire	Will Retire
Migrated DA devices with OS < 10	Will remain active	Will Retire

Other features

Disabled zero criteria value check boxes for effective search: To improve search behavior, the check boxes for criteria value count for zero values are disabled as part of search results and are listed in descending order of count.
Quick Search available on the Reports page: The quick search field now appears on the Reports page. For more information see Dashboard.

Support for pause/resume button for Slow rollout is enabled: The Slow rollout setting enables administrators to automatically roll out new versions of applications to devices gradually. The option, Use slow roll out distribution method, is available when you roll out the subsequent release of the application. The user interface lets you edit applications even when the slow rollout is paused.

Once the slow rollout is set for one release, it is applicable for the subsequent releases with the same percentage that you last release. You can pause the distribution of an application if the distribution is set to 100%.

However, if you set the distribution target to 100%, you must manually set the distribution target percentage for the next version because the user interface resets the percentage to 0%. For more information, see App Catalog.