New features summary

This section provides summaries of new features developed for the current release of MobileIron Cloud. Product Documentation describing these features is available in the MobileIron Cloud Administrator Guide. For more information, see the specific sections provided for each of these features, when available.

MobileIron Threat Defense features

MobileIron Threat Defense protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MobileIron Threat Defense-related features, as applicable for the current release, visit MobileIron Product Documentation and click Threat Defense Cloud.

NOTE: Each version of the MobileIron Threat Defense Solution guide contains all MobileIron Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, MobileIron releases new versions of the MobileIron Threat Defense guide as the features become fully available.

iOS, macOS, tvOS

  • Content Caching service: Configure content-caching service for macOS devices to enable local copies of the App Store software and enable connected clients for faster software and app downloads.

  • Encrypted DNS configuration: Configure Encrypted DNS that will allow you to enhance security without needing to configure VPN.

  • Shared iPad enhancements

    • Select distribution channel for the iOS Restrictions configuration: Select either the Device Channel or the User Channel during the distribution of the iOS Restriction configuration configuration to Shared iPads. This is useful to distribute separate configurations and enforce restrictions that are applicable only to the device or the user channel.

    • Report user list: In the device details page of a Shared iPad, click the Users tab to view the list of resident users on the device and their details (such as Managed Apple ID, Data Available in bytes, Data Used in bytes, Has Data to Sync to Cloud).

    • Restricted configurations: MobileIron Cloud now restricts certain configurations, such as Passcode, for Shared iPads as Apple does not support them. Such configurations are no longer pushed to the devices.

    • Restriction on changing the Managed Apple ID: MobileIron Cloud now restricts administrators from changing the Managed Apple ID of resident user(s) who were logged in to the Shared iPad in the past along with the currently logged in users.

  • Associated and excluded domains: In the Per-app VPN and in the MobileIron Tunnel configurations, specify associated and excluded domains to be considered for association or exclusion from the per-app VPN and tunnel server connections.

  • Device Enrollment Full Sync:  In the Device Enrollment > Actions menu, administrators can initiate full sync. It may take some time to be completed. After the sync is completed, you can view the information in the Last Sync column.

  • Updates to iReg pages: The iReg pages are updated with new mobile-friendly layout and content.

  • Export eSIM ID to CSV: The equipment identifier (EID) shows up as an iOS attribute when a device list is exported to spreadsheet (CSV) format.

Android

  • Relinquish ownership of devices in Work Profile on Company Owned Device mode: When viewing the specific device details, you can relinquish ownership of Android devices in Work Profile on Company Owned Device mode. Relinquishing ownership of a device in Work Profile mode removes the work profile and retires the device from MobileIron Cloud, without affecting personal apps and data. The device user can then use the device a personal device, with full access to all device controls and settings.

  • Suspend personal apps when device falls out of compliance: Administrators can configure policies offering quarantine actions, such as the Compromised Devices policy, the Custom Policy, and the Allowed Apps policy, to suspend apps on the personal side of the quarantined device to indicate that device user needs to address the compliance issues on the device to make it functional. Supported on Android 11+ devices provisioned as a Work Profile on Company Owned Device.

  • Suspend personal apps when work profile turned off for specified time: Administrators can configure the Lockdown & Kiosk: Android enterprise configuration to set a maximum time that the device user can turn off the work profile before MobileIron Cloud suspends personal apps on the device. The device user sees a message prompting to turn on the work profile to enable suspended apps. Available for Android 11+ devices in Work Profile on Company Owned Device.

  • Disable the camera within the work profile: Administrators can configure the Lockdown & Kiosk: Android enterprise configuration to disable the camera within the work profile. Available for Android 11+ devices in Work Profile on Company Owned Device.

  • Disable screen capture on personal side of device: Administrators can configure the Lockdown & Kiosk: Android enterprise configuration to disable screen captures. When selected, screen capture is disabled on the personal side of the device. Available for Android 11+ devices.

Audit Trails

  • Personal Recovery Key (PRK) entries: Administrators can view Audit Trails log entries for the PRK activities by navigating to Dashboard > Audit Trails.

  • Expanded view user-interface modified: Enhanced expanded view user interface as follows:

    • Name column renamed to Performed on.

    • Type and category columns hidden from the default view. Retain using quick search or filter function.

    • Icons represent different categories

    • More logical column order.

  • Details column added: The details column in expanded view provides narrative details for the following audit logs:

    • Admin Access Portal

    • Configuration

    • User group

    • Policy

    • App

    • App configuration

    • Device management

    • For more information, see the Expanded View section under Dashboard.

  • The AAD sync updates in Audit Trails: Audit trails now audits AAD User/Group sync up and processing details. You can view manual and polaris based sync activities such as:

    • Sync summary

    • Adding AAD

    • Editing AAD

    • Deleting AAD

Other features

  • Microsoft Intune Device Compliance Support added: MobileIron Cloud now supports Microsoft Intune device compliance. Organizations can update the device compliance status in the Microsoft Azure Active Directory (AAD.) Using conditional access from AAD, if the device is non-compliant, administrators can block the device from accessing apps. By connecting Cloud to Microsoft Azure, administrators will be able to use the device compliance status of MobileIron's managed devices for conditional access to Microsoft 365 apps. Microsoft Intune device compliance requires a license and is applicable to iOS and Android devices.

    In Cloud, administrators will see the following changes:

    • The Admin page has a new menu item in the left navigational pane > Microsoft Azure > Device Compliance for iOS & Android. There are new fields to assist with the reporting of device compliance status to Microsoft Azure.

    • Administrators can direct device users to a specific Enrollment URL and Remediation URL. If a URL is not provided, a default URL is automatically provided by Cloud.

    • Once the setup is completed, Cloud is connected to Microsoft Azure.

    • A Partner Device Compliance policy (under Configurations) needs to be created and applied to the device group that reports the device compliance to Azure.

    • In the Device Details page, four new fields have been added:

      • Azure Device Identifier

      • Azure Device Compliance Status

      • Azure Client Status Code

      • Azure Device Compliance Report Time

    • The ability to de-provision the Azure account has been added.

    • All activity of adding, editing, and deactivating an account are recorded in the Logs.

    For more information, see Azure Tenant.

  • View configurations across all or multiple space devices: In the Configurations page, select multiple spaces from the drop-down list. When you hover on the displayed configurations, a pop-up window with a list of spaces are displayed. You can click on a space to display the configuration details page.

  • Exporting configuration details: In the Configurations page, export details of all configurations from the selected spaces.

  • Updates in the Admin > Roles Management page:

    • Additional permissions added in the Device Actions and LDAP Management categories.

    • New space-specific permission categories added as Configurations and Device Groups.

  • Updated role names and descriptions:

    • Renamed "LDAP User Registration and Invite" to "LDAP User Import and Invite."

    • Renamed "Create/Cancel Wipe Request" to "Send/Cancel Wipe."

    • Updates to the descriptions of the Manage MobileIron Access Integration, Send/Cancel Wipe, Edit Microsoft Graph, and View Microsoft Graph roles.

  • Updated list of device actions: Alphabetized the list of device actions in the following sections:

    • Devices > device list page > Actions.

    • Devices > device details page > Actions (ellipsis menu).

  • Limit distribution of apps: Apps that do not meet the version specified in the Minimum OS Version Required field are not displayed in Apps@Work catalog. Therefore, such apps are not available to be distributed to the devices.

  • User Work Schedule setting: Administrators can configure a user work schedule that blocks all communication from MobileIron Sentry to managed devices during the prescribed non-working hours. Useful for locales with Right-to-Disconnect laws.

  • Consolidated rule group fields and additional operators: Administrators have avail of consolidated rule-group fields and additional operations here in MobileIron Cloud:

    • Devices -> Device Groups -> +Add

    • Users -> User Groups -> +Add

    • Devices -> Advanced Search

    • Users -> Advanced Search

    • Admin -> Spaces -> Manage -> Create New Space

    • Apps -> Distribution Filters

    • Apps -> [choose an app] -> Distribution -> Edit -> + Add Distribution Filter

    • Policies -> +Add -> Custom Policy

    • Admin -> Certificate Management -> Issued Certificates -> Advanced Search