New features summary

Ivanti Standalone Sentry features for Ivanti EPMM

Support for Oracle Linux 8: The Ivanti Standalone Sentry platform is now upgraded from CentOS7 to Oracle Linux 8.
Sentry self-signed certificate warning: Ivanti Standalone Sentry displays a warning message when customers attempt to generate and use a self-signed certificate for a TLS handshake between Sentry and Tunnel. For more information, see Configuring Ivanti Standalone Sentry for AppTunnel.

Support to connect Email+ to Sentry using MSAL library: Starting from Ivanti Standalone Sentry release 9.20.0, Sentry now supports MSAL library for Email+.

Support to accept Ivanti EPMM certificates from all domains: Ivanti Sentry should accept Ivanti EPMM certificates from all domains in the SAN field of the certificate for seamless mutual authentication flow.

There are no new Standalone Sentry features and enhancements available for Ivanti Neurons for MDM.

Support for USER_UPN attribute mapping for Sentry MICS certificate: User_UPN attribute mapping for Sentry certificate-based sign-in option is now available in Sentry Advanced Settings.

Support for Sentry compliance with Key Distribution Center (KDC): Sentry is compliant with KDC with KB5020805 patch with the registry key KrbtgtFullPacSignature set to Enforcement Mode.
Support for rebranding MobileIron Standalone Sentry to Ivanti Standalone Sentry: MobileIron Standalone Sentry is now rebranded to Ivanti Standalone Sentry.
- The links and privacy polices for MobileIron are now rebranded to Ivanti.
- The logos and images for MobileIron are now rebranded to Ivanti.
- The name and copyright for MobileIron are now rebranded to Ivanti.
Support for Android devices to connect to VPN: The Tunnel conversion port errors are now fixed to ensure that the Android devices can connect to the VPN.
Support for ciphers: RC4 cipher is considered weak and Ivanti recommends disabling this cipher through the Sentry CLI. Fore more information, see Configuring strong Kerberos ciphers from Sentry.

Support to update Open VM tools (open-vm-tools): Open VM tools (open-vm-tools) is updated to the latest version 11.0.5-3.el7_9.4.x86_64 for VMs for VMware ESXi system.
Support for Sentry SMB 3.x for Docs@Work: CIFS service is updated to SMB 3.x for Docs@Work.
SMB 3.x is enabled by default after upgrading to 9.17.0.
Sentry uses HMAC/MD4 for compatibility with NTLM-1. NTLM-1 is deprecated. Upgrade to NTLM-2 for any weak cipher usage issue.

Support for FIPS mode on upgraded AWS Sentry: FIPS mode is now supported on upgraded AWS Sentry.

Support for Conditional Access rules in Office 365: The Conditional Access rules in Office 365 now support ADFS with Sentry OAuth.
TLS 1.1 and TLS 1.0 support: TLS 1.1 and TLS 1.0 is not supported with Sentry 9.16.0 and later releases. For more information, see KB article.
The following error appears when TLS 1.1 or TLS 1.0 is selected during the upgrade.

Login to Sentry > Monitoring > Alert Viewer. The following log is listed in the Alert Viewer for TLS upgrade failure.
SSLv2Hello support: SSLv2Hello is not supported with Sentry 9.16.0.
Support for Certificate Based Authentication (CBA) with Ivanti EPMM and Ivanti Neurons for MDM: CBA is now supported with Ivanti EPMM and Ivanti Neurons for MDM.
Support for ADFS as IdP: OAuth with Certificate Based Authentication (CBA) now supports ADFS as IdP for Ivanti EPMM and Ivanti Neurons for MDM.
Support for latest Exchange Servers: Exchange Server 2019 CU12, 2016 CU23, and 2013 CU23 is now supported with Sentry 9.16.0.
Support for FIPS on Sentry AWS: FIPS is now supported on Sentry AWS.

FIPS is not supported with upgraded Sentry on AWS. Only fresh installation is supported.

There are no new Standalone Sentry features and enhancements available for Ivanti EPMM.

There are no new Standalone Sentry features and enhancements available for Ivanti Neurons for MDM.

Support for OAuth multi-factor authentication: Multi-factor authentication is now supported with Sentry 9.15.0 and newer versions and Ivanti Neurons for MDM. For more information, see 'Multi-factor authentication configuration for Ivanti EPMM' in the Sentry Ivanti EPMM Guide and 'Multi-factor authentication configuration for Ivanti Neurons for MDM' in the Sentry Ivanti Neurons for MDM Guide.
Support for IBM Lotus Notes Traveler 12: IBM Lotus Notes Traveler 12 is now supported with Sentry 9.15.0.

Support for Microsoft Hyper-V 2019: Microsoft Hyper-V 2019 is now supported with Sentry 9.15.0.

Support for latest exchange server: Exchange server 2016 CU21 and CU22 and 2019 CU11 are now supported with Sentry 9.15.0.

This release includes the following new features:

Support for mutual authentication between Ivanti EPMM and Sentry: Ivanti EPMM and Standalone Sentry now support mutual authentication by default. Minimum version requirements are:
- Ivanti EPMM 11.5.0.0 and newer versions.
- Standalone Sentry: 9.15.0 and new versions.
- With Sentry 9.15.0 (AWS and Azure), the machine hostname and the Sentry hostname must be identical. Also, Sentry Hostname/IP Address must be available in subject AltName for mutual authentication to occur without errors between Ivanti EPMM and Sentry.
  
  Ivanti EPMM will only initiate mutual authentication if Sentry is running 9.15.0 or newer software.

Enabling Strict TLS configuration: When mutual authentication is enabled between Ivanti EPMM and Sentry, then that Sentry is enabled with Strict TLS Configuration. For more information, see UEM SSL Configuration in the Sentry Guide.
Configuration update when Sentry is unregistered: When mutual authentication is enabled and Sentry is unregistered from Ivanti EPMM, use the Sentry Config Reset to add Sentry again to another Ivanti EPMM.

There are no new Standalone Sentry features and enhancements available for Ivanti Neurons for MDM.

Support for Azure AD conditional access rules: Sentry 9.14.0 now supports conditional access rules. For more information, see "OAuth for Sentry" in the Sentry Ivanti EPMM Guide.
iOS 15 day zero support: iOS 15 day zero support is now available with Sentry 9.14.0.

Support for M2700 appliance: Sentry installation is now supported on M2700 appliance. For more information, see "Installing Standalone Sentry on an appliance (Ivanti EPMM only)" in the Sentry Install Guide.

There are no new Standalone Sentry features and enhancements available for Ivanti Neurons for MDM.