New features summary

• Remove low-severity threats and a summary of the threats: Starting from this release, there is no longer a display of low-severity threats on the Mobile Threat Defense (MTD) home page and a display of a summary in collapsed form on the Critical and Important threat severity page.

• Apple's iOS operating system (OS) version 18 support: Starting from this release, Mobile@work for iOS now supports Apple's iOS operating system (OS) version 18.

• Support Zimperium v5 Console functionality: The v5 Console is a new updated console from Zimperium, and it is compatible with all existing features of Mobile@Work for iOS.

• The user interface for Zimperium Dynamic Threat detection is redesigned on Mobile@Work for iOS: The client's Threat Defense UI is redesigned to support dynamic threats detected by the server. The threat defense card displays count based on severity, while the Threats Defense page lists all types of threats, sorted based on their severity.

• Support to collect Ivanti Tunnel logs: Ivanti Mobile@Work for iOS now collects the Ivanti Tunnel logs from the application. Administrators can view these logs from the Ivanti Neurons for MDM.

• Updated partner SDK version: Starting from this release, Mobile@work for iOS is now updated to partner SDK versions from 5.3.17 to 5.4.16.

• Remove filtering for threats: Remove the filtering based on the availability of local actions to display all threats for iOS.

• Catalan language support: Starting from this release, Mobile@work for iOS now supports Catalan language.

• Deprecate iOS 14 support: From this release, Mobile@work no longer supports iOS 14 devices.

• UI changes to threat category in Mobile@Work for iOS: Ivanti mobile threat defense introduces a change in threat categories in a user interface (UI) that dynamically adjusts based on threat severity. On the home page, the threat defense card shows the count of different threats based on severity. In addition, the threat details page that appears when the threat card is clicked has been redesigned to show all the threats on one screen, arranged according to threat severity. The most serious threats are shown first, and threats of the same level are shown according to when they occurred.

  The new threat card and the threat details' screen now show a greater number of threats than in previous version, as MTD now displays all the applicable threats rather than only a subset, as was the case in the previous UI.

• VNS enablement for visible notification: Ivanti enables Visible Notifications with VNS Server for MTD users, giving them control over VNS notification scheduling. Before this release, VNS visible notifications were scheduled based on the MTD schedule. Now, the VNS timeout is separated from the MTD wakeup. In this release, Ivanti introduced Schedule Notification Interval in Ivanti EPMM to set the schedule for VNS notification separately. For more information, see Setting the Schedule Notification Interval for iOS devices in the Mobile Threat Defense Solution Guide.

• Safari Web Content Extension: In this release, Zimperium no longer provides the content blocker functionality to block suspicious URLs; instead, it includes the addition of a new Safari Web extension supported with the Zimperium V5 SDK. This Safari web extension works in conjunction with MTD configuration in Ivanti applications to block suspicious URLs on web browsers. The user must enable this Safari web extension, named Ivanti MTD Extension, from the settings menu. Safari web extensions are supported starting with iOS 15 and above. For more information, see Safari Web Extension in the Mobile Threat Defense Solution Guide.

• A new option EULA is added: In this release, a new option EULA is added in the Settings tab > About page. The EULA option helps to view IVANTI END USER LICENSE AND SERVICES AGREEMENT in the application browser. The IVANTI END USER LICENSE AND SERVICES AGREEMENT page allows you to read the information in your preferred language.

• Native App Catalog app dependencies are added: Starting from the current release, prerequisite apps are installed before the main app in Apps@Work, and the following changes are displayed. The Install button displays colour and is enabled only after the VPP enrollment is completed for all VPP prerequisite apps.

  • The Native App Catalogue UI on the app detail shows only one Install button for the main app.

  • When the device user clicks Install, a pop-up appears, and a message is displayed.

  • The main app provides feedback to the device user about the apps that are installed and the apps that are missing.

  • The main app is installed once the device reports that the prerequisite app is available for installation at the next device check-in.

  • When the installation is triggered for VPP apps that contain user-based licences, the end-user licence message appears. The device user must accept the license. If the prerequisites or the main app have different VPP tokens, the device user will have to accept the licences for each prerequisite app.

  • The VPP app installation workflow will remain the same as it currently is for device-based licences.

  • The app list view displays the Open button for all apps that have prerequisites, and the end user will be led to the App Details page before installing.

  • When the device user clicks the Install button, the main apps with prerequisites will stay in the Pending state while the prerequisite apps install. Check-in happens after five minutes, and the installation of the main app begins. If the check-in fails, the main app is not installed.

  • Branded and migrated clients are also supported.

    The system attempts to install the prerequisite apps only once. If the installation of the prerequisite apps fails, the attempt to install the main app also fails.

• SSO Extension - authenticate AppConnect users: When a check-in with server is needed or a password change is required, AppConnect will flip to the iOS client app. However with this feature, when there is user inactivity, it will not flip to the M@W client and the passcode screen is shown in the AppConnect itself instead of flipping to M@W Client. But whenever checkin timeout happens, and AppConnect will flip back to client. This feature is disabled by default for the users. To enable this feature, set the following values in the Managed App configuration on the Ivanti Neurons for MDM Administrative portal respectively.

  • Key - MI_AC_ENABLE_SSO_AUTHENTICATION

  • Value - True

  • Type - Boolean

• Support for Banner Style field for Integrated Apps@Work: In the App Catalog, when the "Featured Banner" option is enabled, Banner Style color options are provided for the banner that displays in the Apps@Work Home page. Applicable to iOS only. For more information, see About managing mobile apps and Populating the iOS and macOS App Catalogs in the Ivanti EPMM Apps@Work Guide.
• Report Azure details in every check-in: Client is now successfully reporting Azure details to Ivanti EPMM during every client check-in.

• Support for iOS 13 devices is stopped: Mobile@Work no longer supports iOS 13 devices.

• Branding-related updates in Ivanti Mobile@Work for iOS: Ivanti Mobile@Work for iOS is now re-branded to Ivanti Mobile@Work for iOS. The following updates were made:

  • Notifications were updated

  • Brand logo was updated in Settings >Troubleshoot

  • Icons were updated

  • My Devices tab was updated

  • References to the product name in the text were updated

  • References to the product name in messages were updated

• Local notification prompts appear when the application is terminated: If the device user terminates the Mobile@Work application, administrator can set the application to do one of the following:
  • To display the default notification - Ensure that device users stay connected with the App to keep their device secured by setting the following values in the Managed App configuration in Ivanti EPMM.

    • Key - enableAppTerminationNotification

    • Value - 0 or 1

    • Type - Boolean

  • To display a custom notification - Add the following Key to the Managed App configuration:

    • Key - appTerminationNotificationMessage (The key is ignored if enableAppTerminationNotification is absent or has a value of 0.)

    • Value - Custom notification

    • Type - String

  For more information, see "Configuring the plist setting to take precedence over the iOS managed app configuration setting in the Ivanti EPMM Apps@Work Guide.

• View the privacy statement from the Home screen: Previously, the Privacy page was available from Settings > Privacy. Starting from this release, device users can view the Privacy page from the Home screen. Additionally, a new section "Your Privacy" has been added to the Home page. Tap "Learn More" to navigate to the Privacy page.

• Apps@Work available from Mobile@Work for iOS: Starting from Mobile@Work 12.11.80, you can transition to Apps@Work native experience from the Mobile@Work application. The Apps@work native appstore is deployed automatically with the client.
  • For newly created tenants, no action is required from the administrator. The Apps@work tab is displayed on the client task bar and device users can view and install their company-approved apps from Apps@Work.
  • For newly created tenants, the administrator can distribute the Apps@work Webclip configuration to iOS devices.

• Device compliance data sent to single/multiple Microsoft Office 365 GCCH/DoD tenants: Device compliance status can now be sent to GCCH and DoD Tenants.

• Device status is Compliant / Not Compliant: The Home screen now displays a card giving the status of device's compliance. If the device is not connected and the local compliance is not compliant, then "Device not in compliance" will display. Tapping the card opens to the Status Info page giving an explanation of why the device is not in compliance. If compliant, then "Device in Compliance" displays. A time stamp records the last device check in.

• Check for updates: Device user can pull the main screen to check for updates from the Ivanti EPMM server.

• Extensible Single Sign-On (SSO) configuration to manage Pasteboard Permission pop-up: The Pasteboard Permission feature in iOS 16+ devices displays a notification banner or a pop-up asking the user permission before accessing the pasteboard content from another application. When an AppConnect application is launched, a pasteboard banner or pop-up appears.

  The Extensible Single Sign-On configuration from the Core server lets you enable or suppress the banner or pop-ups from appearing on iOS client and AppConnect applications. The AppConnect applications that do not support the Extensible Single Sign-on configuration will continue to use the pasteboard feature and display the banner or pop-up.

  The server pushes the Extensible Single Sign-On configuration after the MDM profile is installed. During this interval of a few minutes, the SSO Extension does not work.

  The pasteboard banner or pop-up will continue to appear on iOS 16+ devices in the following scenarios:

  • If the device user performs copy or paste.

  • While generating the AppConnect application logs (since the transmission of log files takes place through pasteboard).

  • If Mobile@Work or any AppConnect application does not support the Extensible Single Sign-on configuration.

• Send device compliance data to multiple Microsoft Office 365 tenants: Administrator can configure device compliance data to be sent to multiple (up to 36) Microsoft Office 365 tenants in Standard environment.

• AAD re-registration screen removed: Upon AAD Password change/reset, the AAD re-registration screen will not display.

• Support for device compliance on branded clients: Mobile@Work now supports AAD Compliance for branded clients.

General features and enhancements

• In-App Notification: Mobile@Work now allows the device user to see deep links associated with in-app notifications. Web URLs open the corresponding page in the user device's default browser; app deep links open the corresponding app; multiple links can be opened from one notification.

• Dynamic Privacy Policy presentation: When a device user is registering their device via iReg or with in-app registration, the privacy policy will display. The privacy policy is dynamic based on the enrollment type.

• Azure Active Directory Support: For migrated iOS Mobile@Work devices, Azure Active Directory is supported.

• BLE support for FIDO users: FIDO users can now unlock their desktop on Mobile@Work for iOS using BLE technology in offline mode.

General features and enhancements

• Client receives executable Enable/Disable Enhanced logging command: This new feature is the client side of the Remote Enhanced Logging feature. The device user can allow or disallow the remotely activated Enhanced Logging for the given device.
• Certificate Pinning - Registration Time: This new feature for certificate pinning provides a warning to the device user if the pinning fails: "You are not able to register at this time, please contact your administrator."
• Support for new languages: The Hungarian and Swedish languages are now supported.
• Improvement for administrator-required reporting: In this improvement, device users will receive in-app notifications of administrator requirements to register for Azure Active Directory (AAD) device compliance reporting. By clicking on the push notification, the device user is automatically taken to the correct in-app settings.