New features summary

This section provides summaries of new features and enhancements available in this release. References to documentation describing these features and enhancements are also provided, when available. For new features and enhancements provided in previous versions, see the release notes for those versions.

Mobile Threat Defense features

Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.

Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.

iOS, macOS, tvOS

  • New iOS 14.5+ restrictions added: The following new restrictions have been added:

    • allowAutoUnlock

    • allowUnpairedExternalBootToRecovery

    • forceOnDeviceOnlyDictation

    • forceWiFiToAllowedNetworksOnly

    For more information, see iOS Restrictions.

  • "Skip the App Store pane" option removed: The Skip the App Store pane option is removed from DEP enrollment section.

  • New macOS restriction added: New restriction allowWallpaperModification added to the macOS restrictions configuration. For more information, see macOS Restrictions and Device Wallpaper Configuration.

  • Set priority for macOS restrictions: On the Cloud admin page, "macOS Restrictions Configuration" option is added in the "Priority Settings for Restrictions Configuration" section under Admin > Apple > Settings to enable priority settings for macOS restrictions. For more information, see Priority Settings for Restrictions Configuration in the Settings (Apple) section.

  • Change in device ownership on shared iPad device: When there is no active user logged on shared iPad device, the ownership is changed to the legal owner.

  • New Channel Selection options added for Custom configuration: The administrator can now push Custom configurations to shared iPad devices through "Device Channel or User Channel".

  • Wallpaper payload for macOS: Administrators can now upload a wallpaper and distribute it to macOS devices. See macOS Restrictions.

  • Repackaging tool link for macOS apps: The repackaging tool link is added to App > In-house apps > upload app section for macOS apps.

  • Force log-out enabled on shared iPad: The administrator can now select and force log-out a user on a shared iPad device. Force Logout option is available in the Actions menu list on the Device Details and Device List pages. For more information, see Shared iPad for business.

  • Support to add Printer: Add Printer configuration enabled for Cloud. For more information see Printer Settings.

  • Support for Per-Account VPN for iOS (Email configuration): The ability to associate a number of different per- app VPN profiles on Mail domains is supported by Apple. IMAP and POP3 email configurations are now supported over per-app VPN. For more information, see Email settings in Email Configuration.

  • Send install or update requests for iOS applications: Previously applications could be distributed by administrators to Users, User Groups, Devices, and Devices Groups. Starting this release, in-house and public applications can now be distributed to iOS devices using the following option: Apps > App Catalog > Send Install/Update Request for iOS apps.

Android

  • Support for an enhanced enterprise registration: Device users no longer have to manually launch Go when registering as a work profile on company-owned device. Registration is now prompted during the setup wizard. This also applies when registering a fully-managed device using a QR code, Google Zero Touch, or Knox Mobile Enrollment.

    Additionally, the decision to provision as a fully-managed device or a work profile on company-owned device is now based on the configuration distributed by Cloud. The workProfileEnabled flag, used for Zero Touch or Knox Mobile Enrollment, is no longer required and is ignored if specified. The provisioning mode selection has been removed in Provisioner 1.11.0 and is ignored if specified when using an older version.

    This feature requires Go 78 for Android and Provisioner 1.11.0 for Android, which are targeted to release in June.

  • Support for Device Owner registration of Android Open Source Project (AOSP) devices: Cloud supports Device Owner registration of Android Open Source Project (AOSP) devices without the need for Google Mobile Services (GMS). For more information, see Android enterprise: AOSP.

    This feature requires Go 78 for Android, which is targeted to release in June. Contact Ivanti Support to enable the required functionality.

  • Support for new evaluation type for device SafetyNet attestation: Devices that adhere to Basic or Certified SafetyNet property are registered. This hardware-backed security feature provides a higher level of security.

Windows

  • Device IP address displayed on Device Details page: The IP address of the Windows device enrolled to Cloud is now displayed under the Device Details > Overview tab.

  • Support for administrators to deploy certificates for user or device store: Administrators can now configure WindowsConfig Identity Certificates for users or device stores.

Audit Trails

  • Log entries are added in Audit Trail events: Log entries are added in Audit Trail events to capture the Configuration exports in both individual configurations and the explicit export of all configuration with details in the following areas:

    • Add space

    • Modify space

    • Delete space

Other features

  • Content changes for rebranding and distribution: Product documentation has been rebranded to align with Ivanti standards and is now available on the Ivanti documentation website.

  • Improved search results from Admin Portal Access: Starting this release, when you navigate to Audit Trails > Admin Portal Access, you will see all the relevant categories.

  • Improved search results in the device field platform filter: Previously there was an issue related to platform-specific fields when evaluated against a device from a different platform. Starting this release if you select AAD Enrolled, is equal to, No, you will see only the relevant devices.

Example:

Devices > Device Groups > Click Add > Select Android Enterprise Capable, is equal to, No.

The results display the devices that are not related to the filter.

  • Support to manage filters for Device Basic Search: The search option now lets you select or manage filters to enhance Device Basic Search for Device OS and Device Types.

  • Support for Device Basic Search to add filters on search results: The OS version is eliminated and the default filters are Device OS and Device Type. The Restore Defaults option restores the default view.

  • Support for custom distribution option: In Cloud, the custom distribution option lets you select the type of distribution for Users/User Groups or Device/Device Groups.
    In the Apps catalog, click any appropriate application to select Send Install/Update Request through Custom option. The Custom option now has Device and Device Groups tabs enabled.

  • Support to remove Groups with duplicate names synced from AAD

    • A new field, Group GUID, is part of groups and it is available on the group list view.

    • The Group GUID field appears in all rule builders (device group, user group, etc) where Group Name currently appears.

  • New spaces automatically added to the roles listed in admin accounts: Cloud automatically adds new spaces to the roles that are listed in the admin accounts when ALL Spaces are selected.

  • Assign user group permissions to users: Administrators can assign the following user group permissions to users:

    • View User Group

    • Create User Group

    • Edit:

      • Edit User Group

      • User Group Actions -> Assign Users

      • Assign Users under User Group detail page

      • User Group Actions -> Assign GDPR Profile

      • User Group Actions -> Remove GDPR Profile

      • User Actions -> Assign To Group

      • User Actions -> Remove From Group

    • Delete:

      • User Group Actions -> Delete User Group

      • Delete User Group action under user group detail page

    • Append/Assign Roles

      • User Group Actions -> Append Roles

      • Assign Roles under User Group Detail page

      All the permissions are listed in the Select Roles list. Based on the permissions that the administrator provides, the user can perform only the specific actions on the device. View permission is the only dependency for the User Groups permissions. The User Groups role is not space specific.

  • Support for User SSP portal restrictions: Starting this release, the User Self-Service Portal Configuration is created with the following six actions to restrict the actions that a user can perform from the User SSP portal:

    • Disable device wipe action

    • Disable reset secure apps passcode action

    • Disable Set Ownership action

    • Disable device unlock action

    • Disable device lock action

    • Disable device Retire action

  • Support to view the user role type: Currently Out of Box roles and Custom roles are shown in a single view without any easy way to segregate them. Starting this release, when you assign any role to a user, you have the option to search whether it is a System Role or a Custom Role. The following enhancements are made to Users > Details > Assign Role enhancements:

    • Column to display the user role type - System role or Custom role

    • Icon to indicate the user role type

    • Filter option for user role type drop-down list

    • Search option for user role name

  • The following options are enabled to the above pages:

    • Column to display the user role type - System role or Custom role

    • Icon to indicate the user role type

    • Filter option for user role type drop-down list

    • Search option for user role name

  • Support for user role type display: The following enhancements are made to Users and User Groups:

    • Added a column to display whether the role is System or Custom

    • Added an icon to determine the type of user role that is added

    • A filter option for the user role type drop-down is added

  • Changed Content tab landing page: Starting this release, the Content tab landing page is renamed from URL Content to Hosted Content.

  • Pillbox is added for every search or filtered term: When you search or filter for a specific device or device detail, you can filter it from the search section. Starting this release, pillboxes are added for each search or filtered item to let you quickly close any of the terms to help widen the search results.

    • Support for any dimension of iPhone wallpaper: The wallpaper dimensions are updated for iPhone in this release. Any dimension wallpaper will now work for iPhones.