New features summary

Support to re-apply Samsung General Policy: Added support to re-apply Samsung General Policy after Knox License Activation to enforce the restrictions correctly.

Enhanced Memory Compatibility: Ivanti Mobile@Work for Android is now compatible with devices using a 16 KB memory page size on 64-bit ARM architecture. This enhancement ensures improved performance and support for larger workloads.

Relocation of the Notifications icon: Earlier, the Notifications icon was available in the Hamburger menu. Starting with this release, the Notifications bell icon is now available in the top-right corner of the Home screen.

Support against Smishing: Starting with this release, Ivanti Mobile@Work for Android now protects the devices against Smishing. The administrators can configure this protection in the Lookout console.

Support for Thread Network: Introducing a new lockdown to disable the Thread Network functionality. This can be applied to both Work Profile on Company-Owned Device and Device Owner mode.

Support for SAML registration in Android devices: Administrators can now authenticate and enroll Android devices using SAML Authentication for Android Enrollment.

Support to securely re-assign Android devices: Ivanti Mobile@Work for Android now supports re-assignment of devices from one user to another in all Android Enterprise modes. Upon reassignment, the managed Google Play account will re-authenticate for the new user, and all applicable policies and configurations will be assigned to the device.

Support for Android 16: Starting with this release, Ivanti Mobile@Work for Android now supports devices operating with Android version 16.

Support for Samsung Knox SDK 3.11: Ivanti Mobile@Work for Android now integrates with Samsung Knox SDK version 3.11.

Support for Lookout SDK: Ivanti Mobile@Work for Android now integrates with Lookout SDK version 4.2.0.154.

Support for Lookout SDK 4.1.17: Ivanti Mobile@Work for Android now integrates with Lookout SDK version 4.1.17.145.

Support for Zero Touch VPN Anti-phishing protection: Select the Ivanti Mobile@Work for Android and anti-phishing configuration to enable and distribute the Always On VPN configuration. The device client app will no longer display the VPN permission dialog prompt after installing the configurations.

Support for Lookout SDK: Ivanti Mobile@Work for Android now integrates with Lookout SDK version 4.1.17.63.

Support for Zimperium SDK: Ivanti Mobile@Work for Android now integrates with Zimperium SDK version 5.6.37.

Introducing new app restrictions: New app restrictions will enable periodic activation checks and threat notifications for Zimperium to perform periodic checks.

Threat defense update: Ivanti Mobile@Work for Android now integrates with Lookout SDK version 4.1.16.39.

End of support for older Android versions: Starting from this release, Ivanti Mobile@Work for Android will no longer support devices running on Android versions 8.x or lower.

Support for AI Assist Lockdown: AI Assist Lockdown now supports Android 15+ in the PO, DO, and EPO modes.

Support for Private Space Lockdown: Administrators can now allow or disallow the creation of a Private Space on Android 15+ devices for organization-owned managed profile devices.

Enhanced Microsoft authentication: Due to Microsoft changes related to enabling browser access mode, administrators should enable or add Manage Certificates settings. Perform the actions by navigating to App Configurations Summary > Delegated Device Permissions > Manage Certificates for Microsoft Authentication app distribution.

SafetyNet / Play Integrity attestation: SafetyNet was used for devices below Android 14 and Play Integrity for Android 14 and above before client version 12.3.1.0. From client version 12.3.1.0 onwards, Play Integrity applies to all Android versions starting from 8.x.

Android version 15 support: Starting from this release, Mobile@Work for Android now supports Android version 15.

The user interface for Zimperium Dynamic Threat detection is redesigned on Mobile@Work for Android: The client's Threat Defense UI is redesigned to support dynamic threats detected by the server. The threat defense card displays count based on severity, while the Threats Defense page lists all types of threats, sorted based on their severity.

Support to allow Lost Mode on Android with audio: Administrators have the option to send a message to the device that has been lost. Administrators must select the device in the EPMM admin portal > Devices & Users and navigate to Actions > More Actions > Lost Mode to enable the feature. Once Lost Mode is enabled, the device displays the Lost Mode screen with a message, contact number, footnote, and Lost Mode Sound.

Support to integrate Lookout SDK: Lookout SDK version 4.1.14.13 is now supported with this release.

Support to integrate Zimperium SDK: Zimperium SDK version 5.4.53 is now supported with this release.

Allow Mobile@Work to open Captive portal Wi-Fi authentication: A new option is added in security policy. Required Mobile@Work for Captive Portal Wi-Fi Authentication that allows Mobile@Work for Android to intercept and process authentication requests for Wi-Fi connections through a captive portal and overrides the operating system (OS) behavior that allows authentication without a trusted or valid TLS certificate.

Local Compliance Action with Dynamic Threats Supported in MDM Server: Zimperium has introduced new threat rules in the MTD Local Actions Policy under the Network, Device, and App categories. You can enable the threats as per your requirements and apply them to the selected devices for threat detection.

Support Zimperium v5 Console functionality: The v5 Console is a new updated console from Zimperium; devices need to register newly on the v5 console and go through license activation and support threat defense. It is compatible with all existing functionalities of Mobile@Work for Android.

Support to allow Nearby Streaming: Administrators can now toggle the Nearby streaming to video stream applications to nearby devices. This is applicable for Android 14+ devices.

Support for Catalan language: Mobile@Work now supports Catalan language.

Support to configure Android Shared Kiosk to clear application data of Google Chrome: Android Shared Kiosk is configured to clear application data and force reinstall for Shared Users. When the user logs out, Chrome application data is cleared.

Support to re-authenticate a new OAuth token: OAuth API call is updated for non-mutual authenticated setup when an active token expires in old or new client.

Support to 'Allow Wi-Fi Direct' option: Administrators can now toggle the 'Allow WIFI direct' option for Devices in Managed Device, Managed Device- non GMS, and Managed Device with Work Profile Modes to allow or disallow the Wi-Fi Direct on a device. This is applicable for Android 13 and later devices.

Support to provide dynamic threat detection for Zimperium: The Threat Defense section of Mobile@Work now displays threats based on the severity of the threat: the Critical Threats and Important Threats. Clicking on these threats provide more information about the threat.

Support to disable the lockscreen shortcuts on an Android device: The administrators can allow or disallow lockscreen shortcuts by enabling or disabling 'Block keyguard shortcuts' option in Ivanti EPMM. This option is available for DO and EPO modes and is disabled by default.

Support to Ultra-wideband restriction: The Ultra-wideband restriction can be set only by a device owner or a profile owner of an organization-owned managed profile on the parent profile. In both cases, the restriction applies globally on the device and will disable the ultra-wideband radio.

Support to update imprint link for DT client: The imprint link is now updated for DT client to open Telekom imprint link.

Support to integrate Zimperium SDK: Zimperium SDK version 5.3.17 is now supported with this release.

Support to integrate Lookout SDK: Lookout SDK version 4.1.12.897 is now supported with this release.

Support to display recent users logging into the kiosk mode: Selecting the 'Display Recent Users on Login Screen' option in the staging policy for kiosk mode, displays the recent users to track the users logging into the kiosk mode. If the option is disabled, the recent users will not be displayed for the client.

Support to control Samsung Knox Mobile@Work license activation: Administrators can now control the license activation. The activation can be disabled when required from the New Samsung General Policy.

Support for new lockdown to allow network reset: Administrators can toggle the Allow Network Reset option for Devices in Managed Device, Managed Device- non GMS and Managed Device with Work Profile Modes to allow or disallow resetting the mobile network, WIFI, and bluetooth options on the device.

Support for Lookout SDK 4.1.11: Lookout SDK version 4.1.11 is now supported with this release.

Support for Zimperium V5 SDK: Mobile@Work is now supported with Zimperium V5 SDK.

Support for Android bug report: Administrators can now include or exclude android bug report while performing Pull Client Logs on a device in DO mode only. A new checkbox "Collect Android Bug Report Logs" is introduced in Pull Client Logs.

• Select the checkbox for client logs along with android bug report to be requested from Mobile at Work.

• Deselect the checkbox for silent logs to be requested from Mobile at Work. The android bug report is excluded in this request.