New features summary

This section provides summaries of new features and enhancements available in this release. References to documentation describing these features and enhancements are also provided, when available. For new features and enhancements provided in previous versions, see the release notes for those versions.

General features and enhancements

• App/Configuration/Policy distribution limited to a maximum of 100 entities at once: Cloud allows you to deploy an app to a maximum of 100 entities at once.

  The limit applies to the following entities:

  • App and app configuration-selection of users, user groups, devices, device groups for send app install command.

  • Configurations

  • Policies

  This behavior applies to distributing apps from the user interface, and to the following public Cloud APIs:

  • Create app configuration (this link opens the Customer Integration API Guide in a new browser tab), POST /api/v1/app/version/{id}/config

  • Update app configuration, PUT /api/v1/app/version/{id}/config/{configId}

  • Update an app, POST /api/v2/app/public/{id}

  • Update in-house app, PUT /api/v2/app/inhouse/{id}

  • Install an App based on app distribution Filters - iOS Only (search for "Install an App based on App Distribution Filters - iOS Only" on the linked page), PUT /api/v2/app/{appVersionId}/install

• Support for separate authentication for device registration: Previously, if you set up SAML auth/IdP, SAML authentication was used for both device registration and portal authentication. Now, administrators can use a toggle button to choose different authentication methods for Admin Portal access and device registration. The bypass toggle is applicable only for device registration.

  This functionality is not supported for PIN Only type of authentication.

  For more information, see Identity and User Settings.

• Frozen column pane: The column headers of all tables are now frozen to help match a value to the appropriate column.

• Generate certificate for smart card login and custom object IDs (OIDs): Administrators can now generate Cloud certificates for smart card login and custom object IDs (OIDs). Authentication options include:

  • Client Authentication: enabled by default

  • IPSEC: optional, administrator can enable

  • Smart Card Logon: optional, administrator can enable

  • Custom OIDs: optional, administrator can enable

  This feature is only applicable for the following certificate authorities:

  • Local Certificate Authority

  • Intermediate Certificate Authority

  • External Certificate Authority: configure the application policies of CA template in NDES server to support IPSEC , Smart Card Logon, and custom OIDs

  For more information, see Certificate Configuration.

• Reminder to upgrade Connector to release 74: A pop-up appears for all tenants who have at least one Connector version older than 74 indicating that they must upgrade Connector to release 74. The pop-up stops appearing after the Connector is at release 74 or later.

• A banner appears after you log in to Cloud: When you log in to the Cloud portal, a banner appears stating that in the future releases of Cloud, a limit will be applied to the in-house application versions that are stored in the App Catalog. Select the check box Don’t show this again to avoid seeing the notification in your subsequent logins or click Got it.

• Support to specify atomic permissions for custom roles: Administrator can now specify the following atomic permissions for custom roles:

  • View User

  • Update User

  • Send Message To User

  • Append/Assign Roles to User

  • Create User

  • Delete User

  • Invite User

  • View User Registration PIN

For more information, see Roles Management and Assigning Roles.

• Disable View User Registration PIN permission for custom roles: Administrators can now disable the View User Registration PIN permission for custom roles. For more information, see Roles Management.

• Azure related attributes: After users register their devices with Microsoft Azure using the Microsoft Authenticator app, the Azure Device Compliance configuration-related attribute values appear for the device in the Device details page. The attributes are also now available for the administrator to create rules in device policies. The following attributes are now available as part of the Partner Device Compliance configuration:

  • AzureDeviceId

  • AzureClientStatusCode

  • AzureIntuneDeviceStatus

  • AzureIntuneStatusUpdatedAt

  • AzureUserUpn

  For more information, see Devices and Device Groups.

• Custom configuration distribution option: Previously, administrators could use the Custom distribution option to distribute configurations to only device groups. Now, administrators can use the Custom distribution option to distribute configurations to the Device, Device Groups, Users, and User Groups.

The configuration assignment or distribution to User/ User Groups is not available for the following configurations:

• Android Enterprise: Work Profile (Android for Work)

• Android Enterprise: Work Managed Device (Android for Work)

• Android Enterprise: Managed Device with Work Profile/Work Profile on Company-Owned device

• Android Work Managed Devices (Device Owner) for AOSP devices

For more information, see Configurations.

• Custom distribution option to distribute custom policies: Previously, administrators could distribute custom policies to only device groups. Administrators now can use the Custom distribution option to distribute custom policies to Device, Device Groups, User, and User Groups. For more information, see Custom Policy.

Android

• Auto-launch on install option: The Auto-launch on install option is now available for public, private, and in-house apps in the Managed Play App Configuration section. For more information, see App Catalog and Setting up Android Enterprise.

• Email+ 2.x tile no longer appears in the App Catalog: The "Email+ (enterprise v2)" and "Email+ (Android AppConnect)" tiles no longer appear in the App Catalog.

iOS, macOS, tvOS

• eSIM refresh cellular plan configuration: The eSIM configuration configures the cellular plan on devices with the Refresh Cellular Plans command. For more information, see eSIM Configuration.

• Configure security preferences for macOS: The Security Preferences configuration allows administrators to control and manage user changes to firewall settings, lock messages, and password changes on the device. For more information, see Security Preferences Configuration.

• Configure rules for macOS software updates: Administrators can now configure the software update policy for macOS devices by defining a set of rules. For more information, see macOS Software Update Settings Configuration.

• Certificate Revocation Checking configuration: Administrators can now use the Certificate Revocation Checking configuration to control certificate revocation checking on iOS devices. In this configuration, the device checks for an array of certificates for revocation. For more information, see Certificate Revocation Checking Configuration.

• New settings in Device Enrollment Profile for shared iPad devices: The Device Enrollment Profile for Shared iPad for business now offers settings to configure user sessions and allocate user storage. The new settings are:

  • Quota Size

  • Resident Users

  • User Session Timeout

  • Temporary Session Timeout

  • Temporary Session Only

  For more information, see Admin > Apple > Device Enrollment.

• Required App configuration for unsupervised devices added in Mobile Device Management Configuration profiles: The support for silent installation of an app now extends to unsupervised devices without user interference in iOS 15+ devices. Administrators can now push only one app to unsupervised devices without the app asking for user permission for installation. The Required App configuration is available in both the iOS MDM – Bulk Provision and iOS MDM – Individually Provisioned profiles. For more information, see Configuring an iOS MDM Configuration.

• New restrictions for iOS:

  • Allow Listed App Bundle IDs – Supervised (iOS 9.3+). For more information, see iOS Restrictions

  • Blocked App Bundle IDs – Supervised (iOS 9.3+). For more information, see iOS Restrictions

  • Force on Device only Translation - Unsupervised (IOS 15+)

  • Require Managed Pasteboard - Unsupervised (iOS 15+)

• Device information includes Apple silicon: Cloud now indicates if the device is an Apple silicon in the device details. For more information, see Devices.

• New restrictions for macOS:

  • Force Delayed Major Software Updates – Supervised (macOS 11.3+)

  • Enforced Software Update Major OS Deferred Install Delay – Supervised (macOS 11.3+)

  • Enforced Software Update Minor OS Deferred Install Delay – Supervised (macOS 11.3+)

  • Enforced Software Update Non OS Deferred Install Delay – Supervised (macOS 11.3+)

  • Allow Game Center – Supervised (macOS 10.13+)

  • Allow Erase Content and Settings – Supervised (macOS 12+)

  For more information, see macOS Restrictions.

• Change logo, name, and text color in Integrated Apps Catalog for macOS : Administrators use the new Integrated Apps Catalog tab for macOS to change the logo, name, and text color of the App Catalog. For more information, see Admin > Apple App Catalog (Branding).

Windows features

• Windows Hello for Business configuration: Previously known as Passport for Work, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs. Administrators can use this configuration to set-up a PIN-based login to the devices. Administrators can set the PIN complexity, usage of smart card, and biometric gestures in this configuration. For more information, see Windows Hello for Business Configuration.

• Select target certificate store: Administrators can now select the target certificate store on Windows devices on the Identity Certificate configuration. For more information, see Identity Certificate.

Mobile Threat Defense features

Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.

Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.