New features and enhancements

This guide documents the following new features and enhancements:

  • Microsoft Intune Device Compliance Support added: MobileIron Core now supports Microsoft Intune device compliance. Organizations can update the device compliance status in the Microsoft Azure Active Directory (AAD.) Using conditional access from AAD, if the device is non-compliant, administrators can block the device from accessing apps. By connecting Core to the Microsoft Azure, administrators will be able to use the device compliance status of MobileIron's managed devices for conditional access to Microsoft 365 apps. In Core, administrators will see the following changes:

    • The System Settings page has a new menu item in the left navigational pane > Microsoft Azure > Device Compliance for iOS & Android. There are new fields to assist with the reporting of device compliance status to Microsoft Azure.

    • Administrators can direct device users to a specific Enrollment URL and Remediation URL. If a URL is not provided, a default URL is automatically provided by Core.

    • Once the setup is completed, Core is connected to Microsoft Azure.

    • A Partner Device Compliance policy (under Policies) needs to be created and applied to the device group that reports the device compliance to Azure.

      NOTE: It is critical to have a device compliance policy.

    • In Devices & Users > Devices > Advanced Search drop down > Common Fields section, five new fields have been added:

      • Azure Client Status Code

      • Azure Device Compliance Report Status

      • Azure Device Compliance Report Time

      • Azure Device Compliance Status

      • Azure Device Identifier

    • The ability to de-provision the Azure account has been added.

    • All activity of adding, editing, and deactivating an account are recorded in the Logs.

    Azure Tenant and Advanced searching.

  • Field name changed in Google Account configuration for iOS devices: Previously, a field titled "Google User's Full Name," was added to the Google Account Configuration dialog box. This field name has been changed to "Google Account Name." When an email is sent from this Google account, the name entered here displays who the email is from. Upgrading from previous releases will fill in the name as per the configuration. This field used to be a required field, and it is now an optional field for adding or updating an iOS Google Account Configuration. For more information, see Google Account

  • New workflow to install management profile for macOS 11.0 and above: During iReg device registration, when the device users begin registering their devices with macOS 11.0 and later versions as supported by MobileIron Core, users are prompted with a message that the management profile has been downloaded. To install the profile, device users need to install the downloaded profile, go to System Preferences > Profiles, and then click Install. For more information, see In-app registration.

  • Option to "Trust" or "Untrust" devices in self-service user portal: Mobile@Work client users can temporarily elevate or downgrade the trust level of their device, depending upon the surrounding conditions. The following new options are available from the self-service user portal (SSP) Devices page:

    Figure 1. Trust and UnTrust icons on SSP Devices page

    • Untrust: Select this option to temporarily remove confidential information and applications from the device. When the device is trusted (the default), the user will see the Untrust option. Use this option before entering a location where device security may be at higher than normal risk, such as in airports.

    • Trust: Select this option to restore confidential information and applications to the device. When the device is untrusted, the user will see the Trust option.Use this option when no unusual device security risks exist.

    For more information, see Trust and Untrust options.

  • Set Time Zone: The administrator can now set the time zone for one or more devices from within the Devices Details page using the Actions > Set Time Zone option. The time zone device action is also displayed in the Device Details page of a device. This feature is applicable to iOS 14.0 and tvOS 14.0 through the latest version as supported by MobileIron. For more information, see Setting the time zone of a device.

  • Notification preview type: In the App Notifications Configuration, select a Preview Type to display in the device notification message previews. Select Never to prevent apps from displaying message previews in Notifications. Applicable to iOS 14.0 through the latest version as supported by MobileIron. For more information, see Configuring notification settings.

  • Send email when using the Wipe or Cancel Wipe command on a device: Administrators now have the ability to customize or suppress emails that are automatically generated when a Wipe command or Cancel Wipe command is sent. This Send Notification of wipe to registered user field is useful for users that have multiple devices. The email notification would help prevent confusion to device users who may think Core is wiping their current, active device. For more information, see Wipe or Cancel Wipe.

  • Extensible Single Sign-On: MobileIron Core enables Extensible Single Sign-On with the following configurations: Extensible Single Sign-On and Extensible Single Sign-On Kerberos. The implementation requires an app extension, such as Microsoft Authenticator, from the identity provider. With an Extensible Single Sign-On implementation, users need to only authenticate once when accessing enterprise resources. Users are not prompted to authenticate for subsequent log in. A single sign-on configuration using Extensible Single Sign-On does not require a Tunnel or Sentry deployment. For more information, see Extensible Single Sign-On and Extensible Single Sign-On Kerberos.

  • Three new restrictions for iOS: The following fields have been added to iOS restrictions in the iOS / tvOS > Restrictions configuration page.

    • Allow Personalized Advertising (iOS 14.1 through the latest version as supported by MobileIron.)

    • Allow NFC (iOS 14.2 through the latest version as supported by MobileIron.)

    • Force Dictation Processing Only on Device (iOS 14.3 through the latest version as supported by MobileIron.)

    For more information, see iOS and tvOS restrictions settings.

  • New Skip option for Device Enrollment Profiles: A new option has been added to allow devices to Skip the App Store pane during the registration of an Automated Device enrollment device. For more information, see Creating Apple Device Enrollment profiles.

  • VPN chapter updated: To make it easier for customers to quickly find information, the Managing VPN Settings chapter has been revised in full.