New features summary

These are cumulative release notes. If a release does not appear in this section, then there were no associated new features and enhancements.

Ivanti Neurons for MDM 95 - New features summary

General features and enhancements

Support to enable On-Premise SCEP certificate generation in batches: Administrators can now process On-Premise SCEP certificate generation in batches to avoid NDES server failure. You can define the batch size for multiple certificates. The batches are processed at fixed intervals. For more information. see Certificate Management.
Search capability introduced for apps in Available Apps at the device level: Administrators can now search for the following details of applications from Device > Device Details > Available Apps. For more information, see Displaying detailed device information > Available Apps in Getting Started with Devices.
Cloud Certificate Authority password length increased: The password length for the Cloud Certificate Authority password is increased from 30 characters to 64 characters.
Improved performance: The App Inventory Data source is updated in an effort to improve performance. Now we use Elastic search to pull information to devices instead of Database search.
New option "Set up SMTP Email Configuration" is added: New option to set up an SMTP configuration added to the Admin> Branding > Email settings section. For more information, see Branding Email Templates.
Change in user interface: Under the Dashboard > Create a Report > Report Type, the Most used Apps field is renamed to Most Installed Apps field.
New option added to stop macOS and Windows app version downgrade: In the installed App Configuration tab under the Device Installation Configuration section new option "Do not require specific app version" option is added to avoid downgrading to a lower app version.

Android features

Add more CSV files during Bulk Enrollment: Administrator can use the Add more devices option to add more devices using CSV files during the Bulk Enrollment process. For more information, see Bulk Enrolling devices using CSV file upload.
Battery attributes for Custom Policy: When creating a custom policy, the battery attributes information is also included when defining the conditions using Rule Builder. For more information, see Custom Policy.
5G Network Slicing option: The 5G Network Slicing option is only supported on Work Profile Devices with Android 12 and later versions. 5G Network Slicing Enabled option under the Device details page displays NA for Android devices below version 12.
Updated the Device Details > Logs content: The install application events for Android apps, visible under Device Detail > Logs tab now contain the app display version which is consistent with the other application events.

iOS, macOS, and tvOS features

Account Driven User Enrollment is supported for macOS devices: macOS devices can now leverage Account-Driven User Enrollment. This feature helps simplify the enrollment process of personal macOS devices. For more information, see Account driven User Enrollment.
Support for Cellular Private Network Geofencing: Ivanti Neurons for MDM now supports Cellular Private Network for iOS devices. This configuration provides device information on private network deployments, including geographical location, preference over Wi-Fi, and network deployment type. For more information, see Cellular Private Network Configuration.
New Platform SSO fields are added to Extensible SSO configuration: The Extensible SSO configuration now has new fields to support additional platform SSO settings for macOS 14.0+ devices and to support local account creation at login. For more information, see Single Sign-On Configuration.
Introduced Network Relay configuration: Administrators can now push Network Relay configuration instead of VPN configuration to enterprise devices to define settings for network relays. Relays can be configured at the device or app level. For more information, see Network Relay Configuration.
Ability to add Network Relay configuration enabled: New app configuration Network Relay added at the device and app level. to choose the relays same as content filters and DNS proxy. Apps that support relays can leverage this configuration to access private data or company resources. Currently this is available on devices with iOS for 17 and later. For more information, see Configuring Network Relay under App Configuration section.
Enabled Cellular 5G Slicing configuration: Support for 5G network slicing configuration is added for iOS apps, where the individually managed apps are assigned to a network slice that provides a specific network capability and characteristic to optimize the app experience. For more information, see the Configuring Cellular 5G Slicing section under App Configuration.
'Lost Mode Enabled' rule is added: New rule 'Lost Mode Enabled' added for advanced search query on the Device Details, Device Groups, Spaces, Policies, and Configurations pages for easy identification of a lost device. For more information, see Managing Spaces.

Windows features

Support to add policy details for Windows applications: Starting with this release, you can now add policies for Windows applications in Allowed Apps. Administrators can create compliance polices based on specific applications. Policies can block, quarantine, retire, and send messages according to devices. For more information, see Monitoring and Controlling Allowed Apps.
Optimized Windows support: Removed support for Windows 8.1, Windows Phone 8.1, Windows 10 Mobile, and Edge Legacy.

ChromeOS features

Deleting the Google Admin Console integration: Administrators can now delete the Google Admin Console integration with Ivanti Neurons for MDM. For more information, see ChromeOS and Ivanti Neurons for MDM.

Ivanti Neurons for MDM 94 - New features summary

General features and enhancements

Manage Apple ID is off by default in User Provisioning: Starting from the current release, the Managed Apple ID option is off by default on the Admin > Identity > User Provisioning page. For more information, see User Provisioning-Azure Active Directory.
Support for Azure device compliance for macOS devices: Ivanti Neurons for MDM now supports Azure device compliance for macOS devices. For more information, see Creating a partner device compliance policy.

Existing tenants that have already connected with Azure, and want to add device compliance for macOS devices, must disconnect the account and re-establish the connection.
App distribution status: The app distribution details like the number of eligible devices, etc. can be viewed under the Devices Summary tab. For more information, see Viewing App Details.
Google BeyondCorp Partner Device Compliance support: The BeyondCorp Partner Device Compliance is now supported with Ivanti Neurons for MDM. The admin must make sure that the Google apps are installed on the device, and that the user logs into the apps before the device is configured for conditional access with Google BeyondCorp. This is a Google limitation. For more information, see Creating a partner device compliance policy and Getting started with Devices.

Optimize Export to CSV for Reviews: You can now export the app reviews using the Export to CSV option from the Reviews page. After the download is complete, you will be prompted with an option to either Download or Delete the report. For more information, see Reviews.
Improved viewing and navigation options for App Configurations: Starting with this release, you can now view all the associated configurations for the app in Device Details and navigate from Device Details to App Configurations in Ivanti Neurons for MDM. For more information, see Getting started with Devices.

Android features

Support to use screen share option from the Ivanti Go app: The users can now share the screen from Ivanti Go app to perform any troubleshooting tasks or to view the documentation. For more information, see Privacy Configuration.
Support to assign DPC extras as custom attributes: The administrator can now assign DPC extras as custom attributes when enrolling devices. A maximum of three DPC extras can only be assigned as custom attributes.
Enabling the Domain field for PEAP: When upgrading Android 14+ devices to Ivanti Neurons for MDM 94, the domain field must be made available for PEAP. The Administrator must edit the Wi-Fi configuration and update the domain and certs before upgrading to 94. For more information, see Wi-Fi Configuration.
Cancel Wipe action on Work Managed Devices: The Wipe action can be cancelled for Work Managed Devices in DirectBoot mode.
Single App launcher Kiosk: The administrator can now enable the Single App launcher Kiosk setting "Allows to use Kiosk mode" to keep an app in the foreground on GMS and non-GMS devices. For more information, see Privacy Configuration Lockdown and Kiosk: Android Enterprise.
Android App Management: The administrators can now edit the App Delegation option to stop delegating an app from the App Catalog. This will impact the app in all its delegated spaces. For more information, see Delegating Apps.

iOS, macOS, and tvOS features

Support to enable passcode regular expression: A new field- Enable Passcode Regular Expression is added to the Create Passcode Configuration. The passcode payload enables the Ivanti Neurons for MDM administrator to specify a password policy as a regular expression in macOS. This is applicable for devices containing macOS 14+. For more information, see Passcode Configuration.
SIM Service Subscriptions section displays new fields: Starting from the current release the following values are populated from the SIM Service Subscription section on the Device details > Overview tab to the following missing fields:
- Is Roaming
- Subscriber Carrier Network
  For more information, see Getting started with Devices.
Support to enable File Vault during SetupAssist: Administrator can now enable the file vault during SetupAssist to encrypt the device before users login. A new option Enable File Vault at SetupAssist is added to the File Vault Configuration. Profile. For more information, see FileVault 2.
Ivanti Neurons for macOS app is available on App Catalog: The Ivanti Neurons for macOS Agent is available in Business Apps in the AppCatalog. The administrator can add and deploy the Ivanti Neurons for macOS Agent as an in-house app through Ivanti Neurons for MDM on macOS devices. This agent allows macOS devices to connect to the Ivanti Neurons platform.

Registering macOS Agent with Neurons:
1. Navigate to Admin > Scripts > All Scripts.
2. Add the following script (the script is taken from Ivanti Neurons > Admin > Agent Management.
3. Now, add the Ivanti Neurons Agent app to the App Catalog and select the script in the post-install script.
4. Once the Neurons agent is installed on the device, there is a folder "/usr/local/com.ivanti.cloud.agent/IvantiAgent” created by the Neurons agent installer.
5. Post that it will prompt for the other services to install and setup, like remote control, etc.
6. To uninstall the agent from the device, run the following query:

Note that this will uninstall the agent, but it won't remove the device from the device list in Neurons - that would currently be a manual process in the Neurons web console.

New restrictions are added to macOS Restrictions Configuration: New restrictions are added to the macOS Restrictions Configuration and this is applicable for devices that contain macOS 14+. For more information, see macOS Restrictions.
Support to display battery and model number: Apple has introduced the ability to query the model number and battery status. You can view the following fields from the Device Details page:
- Has Battery (iOS 13.3+)
- Model Number (macOS 13.3+ and iOS 16.4+)
  For more information, see Getting Started with Devices.
Support for Azure device compliance for macOS devices: Ivanti Neurons for MDM now supports Azure device compliance for macOS devices. For more information, see Creating a partner device compliance policy.

Windows features

Support to add policy details for Windows applications: Starting with this release, you can now add policies for Windows applications in Allowed Apps. For more information, see Monitoring and Controlling Allowed Apps.
Optimized Windows support: Removed support for Windows 8.1, Windows Phone 8.1, Windows 10 Mobile, and Edge Legacy.

ChromeOS features

Support to upload ChromeOS Blueprint Configuration files: Administrators can now upload the ChromeOS Blueprint Configuration files to Google Cloud. For more information, see ChromeOS Blueprint Configuration.

Ivanti Neurons for MDM 93 - New features summary

General features and enhancements

Support to uninstall (exclude or redistribute) an app from a device: The administrator can now exclude or distribute apps for Windows devices. For more information, see Exclude or Distribute apps.
New roles are added for reports: The following new roles are added for Reporting:
- Report Management
- Report Retrieval
- Custom Role (Cross Space)
For more information, see Roles Management.
Custom attribute names are sorted: The field names of the following custom attributes are sorted in the rule builder:
- Custom LDAP Attribute
- Custom User Attribute
- Custom Device Attribute
- Custom IdP Attribute
- Custom App Attribute
For more information, see Custom Policy.
Delegation with custom distribution is added to more configurations: The delegation with custom distribution option is now available for the following configurations:
- Wifi
- VPN
- SCEP
- Windows_SCEP
- Webclip

For more information about the generic steps, see Working with Configurations.

Advanced Search is added to Audit Trail page: The Audit Trail page now has the Advanced Search field. The Advanced Search lets you create and save a query for future searches. For more information, see Using Advanced Search for Audit Trails on the Working with Widgets page.
Filter application actions from the application device logs: Detailed logs are available for application actions at the device level. For more information, see Getting Started with Devices.
ChromeOS extension apps: Administrators can now add the ChromeOS extension apps to the App Catalog and distribute these apps. For more information, see Add and distribute ChromeOS extension apps.

Android features

Enhanced Unlock command: Administrators now have the option to specify a specific unlock code, using 6 to 8 alphanumeric characters. For more information, see Unlocking a Device
App updates during app installation: App updates can be done only if an app is set to be installed. This is applicable to Public, Private, and In-house apps. For more information, see App Configuration.
Making the Google Device Account as default for new registrations: All the new registrations will have Google Device Account as default in place of the User Account. For more information, see Adding Users.
Shared Kiosk Logout configuration during registration: Starting this release, direct registration as a "kiosk worker user" will be allowed. However, the "Logout" feature of the lockdown configuration will NOT be applied. The device will receive all configurations and apps, but not as a shared kiosk or a kiosk device. A regular Work Managed Device mode will be registered to the "work profile user."

iOS, macOS, and tvOS features

Device information query updated for iOS devices: Starting from iOS 17, Apple has announced the deletion of a few settings from the Device Information Response section. However, the devices return the settings in a different section. To minimize the impact of this change, the values are populated from the SIM Service Subscription section on the Device details > Overview tab to the missing fields.
Web Content Filter Configuration can be associated to an app from App Configuration: The App Configuration page of an app now has an option to select a Web Content Filter. The app traffic will pass through the web content filter if configured. For more information, see App Configuration.
DNS Proxy configuration can be associated to an app from App Configuration: The App Configuration page of an app has an option to select a DNS proxy. The app traffic will pass through the DNS proxy if configured. For more information, see App Configuration.
Accessibility Settings configuration for iOS: The administrator now has the ability to configure accessibility settings for iOS devices with the help of Accessibility Settings Configurations. For more information, see Creating Accessibility Settings Configurations.
Accessibility Settings configuration for macOS: The administrator now has the ability to configure accessibility settings for macOS devices with the help of Accessibility Settings Configurations. For more information, see Creating Accessibility Settings Configurations.
Option added for iPhone Widgets: The following option is added for iOS Restriction Configuration for devices that contain iOS 17.0+:
- Allow iPhone Widgets on Mac - If false, does not allow iPhone widgets on a device with macOS that has signed in the same AppleID for iCloud. This is applicable only for devices that are Supervised.
Support for Apple Silicon Device: The following option is introduced for macOS device group creation:
- Apple Silicon Device
Route network traffic through iOS application installed on M1 macOS devices: Application traffic from iOS apps that are installed on macOS and are running on Apple silicon can now be routed through Per-App VPN.

Windows features

Support to configure reboot options post app installation: The administrator can now configure Reboot Device after Install with various options for an app from the App Configurations section. For more information, see App Configuration.
Support for Win32 store applications: Starting this release, Ivanti Neurons for MDM now supports Win32 store applications to import, install, uninstall, and add the apps to inventory collection. For more information, see App Inventory.

ChromeOS features

ChromeOS extension apps: Administrators can now add the ChromeOS extension apps to the App Catalog and distribute these apps. For more information, see Add and distribute ChromeOS extension apps.

Ivanti Neurons for MDM 92 - New features summary

General features and enhancements

Added report columns for iOS, macOS, and Android devices: New Report Columns are added for Scheduled Reports in Report Data tab. To select the new report columns, you can use the Select all columns check box to select all the displayed columns in the list.
Support to include SID for AppStoreFront CA: Starting from this release, for any new device registration for LDAP users, the AppStoreFront Certificate Authority will contain the SID. If you need to assign SID for an existing device, you need to re-register the device. Also, starting from this release the AppStoreFront Certificate Authority will be automatically renewed with the SID once the certificate expires.
Support to edit distribution options for Sentry Root Certificate: The administrator now has the option to edit the default distribution of the Sentry Root Certificate configuration from the distribution page. As Sentry Root configuration is of type certificate you can now delegate it to other spaces through custom distribution. You can also provide edit permission to the custom space administrator by delegating the configuration to other spaces. For more information, see Setting Up AppTunnel.
New attribute is added to the rule builder: Custom IDP Attribute is added to the rule builder so that rules, distributions, or groups can be created and synced against a SCIM custom attribute. For more information, see Distribution Filters and Attributes.
App Catalog for Native Client adds Apps@Work tab to the Go client application for MAM-only devices: The App Catalog for Native Client configuration adds the Apps@Work tab to the Go client application during device registration for MAM-only devices. The Apps@Work tab displays the list of applications from the App Catalog. This is applicable only for Ivanti Neurons for MDM Release 92 onwards.
New option in Managed Apple ID: The userUPN domain option is added to Managed Apple ID for Pattern Match. For more information, see Connect Ivanti Neurons for MDM with Azure Active Directory User Source, User Provisioning-Azure Active Directory, User Enrollment with Apple Business Manager, and Configuring LDAP server.
Display and search details of app installation in Device logs: Starting from this release you can view the application installation details from the Device Details > Logs > Details column. You can also search for a specific status from the newly added search bar.

For all devices the status shows the following details:
- App name, app version, bundle, or package ID
- Status of installation
- Any errors and reason for the error
  For example - appOrConfigName=Name:<app name>;Identifier=<bundleid>;iTunesStoreId:<itunesid>;Status:<status or error reason from Apple>version: <app version>
For Windows devices the status shows the following details:
- Include bundle ID or package ID, status, and errors
  For example -
  - For type - application inventory and status - acknowledge - displays - appType
  - For type - application inventory and status - sending - Does not display anything
  - For type - install/uninstall and status - success/failure/sending - displays Include bundle ID or package ID, status, name, version, and errors
For more information, see Searching Device Logs > Getting Started with Devices.
Updated Device Cleanup Settings: The Device Cleanup Settings is updated to add the following processes:
- Delete Wipe Pending Devices: Starting with this release, you can delete the devices that are due to be wiped.
- Retire the Retire Pending Devices: Starting with this release, you can retire the devices that are due to be retired.
For more information, see Device Cleanup Settings
Support to uninstall (exclude or redistribute) an app from a device: The administrator can now exclude or re-distribute an app from a device on iOS and macOS devices. For more information, see Getting Started with Devices and Excluding or Redistributing an app.

Android features

Ivanti Tunnel and VPN configuration on Android Enterprise devices: The Ivanti Tunnel and VPN configuration is deprecated for devices in Android Enterprise mode. It is recommended to use managed configurations from the Ivanti Tunnel app. For more information, see Tunnel and VPN Configuration.
Support for Network and Security log delegations: The Network and Security log delegations are now supported in AMAPI mode. For more information, see App Catalog.
Reassign Android devices : The administrator can transfer the ownership of an Android device from a user to a different user. This requires a SUEM-Premium license. For more information, see Reassigning an Android device.
Android device reassignment: Android device reassignment is available only in SUEM-P.
Kiosk Mode Allowed Apps: The administrator can create folders and move apps to these folders in Shared Kiosk mode. For more information, see Lockdown and Kiosk: Android Enterprise.
WhiteLabel Settings enhancements : New enhancements have been added to the WhiteLabel Settings. For more information, see Help@Work.

iOS, macOS, and tvOS features

Support for Apple device declarative management: Apple's Declarative Device Management is a modern management protocol that allows managed devices to proactively and autonomously apply their own management settings with less communication. Declarative Device Management is enabled on newly enrolled devices during enrollment or during check-in for already enrolled devices.

Declarative Device Management is automatically enabled on the following eligible devices:
- Computers with macOS 13 or later
- Devices with iOS 16 or iPadOS 16 or later
- Devices enrolled via User Enrollment support Declarative Device Management on iOS or iPadOS 15 or later.
- Apple TV devices with tvOS 16 or later
In this release we are also adding Declarative Management support for the following Status Channels:
- Changes to the OS Version
- Passcode compliance
- Passcode present

Support to select multiple certificates in Ethernet and WiFi configurations: Ethernet Configuration and WiFi Configuration now let you select multiple certificates from the Trusted Server Certificate Names field. For more information, see Ethernet Configuration (macOS) and Wi-Fi Configuration.

Distributed configurations and high priority applications are installed during setup of Automated Device Enrolled devices : Starting from this release, all the distributed configurations and high priority applications will be installed on the devices in the background during setup of Automated Device Enrolled devices if the Wait until Configurations and high priority applications are pushed to devices option is enabled in the DEP profile. For more information, see Device Enrollment.

Windows features

Software updates installation on Windows 10+ devices: Software updates installation on Windows 10+ devices – When updating software on Windows 10+ devices, the “Branch to install updates” options have been updated. For more information, see Software Updates.
New Ivanti Apps@Work app for Windows: Following changes are made to the Apps@Work app:
- Rebranded with Ivanti logo
- Identity of Generic version of Apps@Work updated from MobileIronAtWorkEMM to IvantiAtWorkUEM
- Version series of Apps@Work updated from "9.6.0.0" to "10.0.0.0"
When the release upgrade happens on tenants that already have Apps@Work app on their devices, the Apps@Work app with Ivanti re-branding will be added to the App Catalog. But the re-branded version will not be distributed to the devices automatically, you need to perform manual distribution. In the case of new tenants, only the re-branded version will be made available in App Catalog. This version is set to Distribute to Everyone by default.
Support for Microsoft Defender for Endpoint (formerly known as Windows Advanced Threat Protection) configuration: The Microsoft Defender for Endpoint allows customers to leverage Microsoft Purview and other Azure services. For more information, see Microsoft Defender for Endpoint.
Install the O365 apps during Autopilot installation: The O365 apps configuration can now be installed during Autopilot enrollment workflows. When devices are released to the end user, O365 apps will be already available and installed on the device. For more information, see Configuring Windows Autopilot Profiles.
New hardware attributes for creating Device Groups: New hardware attributes (Manufacturer, Total Device Capacity, Total Memory MB) have been added to the Create Device Group and Custom Policy sections. For more information, see Device Groups.

Ivanti Neurons for MDM 91 - New features summary

General features and enhancements

App Installation Status column is added for iOS, macOS, and Android devices: Starting from the current release, the App Installation Status column in the Available Apps tab in Device Details view will display the status of applications on the device. The App Installation Status column appears by default.
Sorting by App installation status is not supported.

For more information, see Getting Started with Devices.
Delegation with custom distribution is enabled for Per-app VPN and Certificate configurations: Starting from the current release , global administrators can delegate space administrators to edit the certificate for All Devices and for the Custom distribution option.
The distribution changes are applicable only to the specific space. All other spaces continue to inherit the default space distribution settings.
- Per-app VPN configuration - Custom distribution options are now available
- Certificate configuration - Custom distribution options are now available
  
  For more information, see Certificate configuration and Per-app VPN Configuration.
New rule is added to the rule builder: The Device Registered filter attribute is added to the rule builders for Device Groups. The attribute lets you filter the devices that have been registered in a specific time. For more information, see Device Groups.
View User Registration PIN permissions are updated: When you apply the View User Registration PIN custom role, users can view the PIN of other users that have the same access level or with lesser privileges and the users cannot create PINs for other users. For more information, see Roles Management.
Support for Department attribute in SCIM user provisioning: Starting this release, Department attribute will be supported in SCIM User Provisioning. For more information, see Configure Attributes in SCIM User Provisioning.
Updated the Device Cleanup process: The Device Cleanup process is updated as follows:
- Retired Device Settings - This is now renamed to Retired Devices. Scheduled retirement frequency options are added.
- Delete Retired Device Settings - This is now renamed to Delete Retired Devices. Scheduled deletion frequency options are added.
- Delete Wiped Devices - This is added in the current release.
  
  For more information, see Device Cleanup Settings.

Android features

App usage data collection: For Android Enterprise devices, it is now possible to collect the app usage data on hourly, daily, weekly, or monthly basis. For more information, see Getting started with Devices and Device Logging.

iOS, macOS, and tvOS features

Automatic renewal of certificates for iOS devices: Starting this release the Go Client certificate for iOS devices is automatically renewed within 30 days of expiry.
Automatic renewal of N-MDM Device Identity certificates for Apple devices: Starting this release, the Device Identity certificate for Apple devices is automatically renewed within 30 days of expiry.

iOS devices receive renewed MDM certificates from Ivanti Neurons for MDM as part of the regular device check-in flow. However, iOS devices need to be re-enrolled with Ivanti Neurons for MDM when they are offline long enough for the MDM certificate to expire before a check-in that would have renewed the certificate before expiration.
New Device Details are added: The following new version details are added for iOS and macOS devices:
- Supplemental Build Version
- Supplemental OS/Version Extra

Windows features

Set app priority during installation: When installing a Windows app, the administrator can set the priority level on which the app installation must happen. For more information, see App Configuration.
Reorder pre or post-install scripts for .EXE files: The administrator can now reorder the pre or post-install scripts or files by prioritizing the pre or post-install scripts for .EXE files. For more information, see Managing Windows Applications.
Support to add icons when uploading Windows In-house apps: When uploading In-house Windows apps to the App Catalog, the administrator can now include icons along with the apps. For more information, see App Catalog.
EXE apps installation during Autopilot enrollment: The .EXE apps will be installed in Self-deploying and User-driven modes during the Autopilot enrollment process. For more information, see Configuring Windows Autopilot Profiles.
EXE app management on Windows devices: The .EXE apps can be managed in Self-deploying or Pre-provisioning modes on Windows devices. For more information, see Managing Windows Applications.
Support for Windows LTSC devices: Ivanti Neurons for MDM now supports devices installed on Windows LTSC.
Custom CSP Configuration: The administrator can create, configure, and distribute custom CSPs using the OMA-URI schema. For more information, see Custom Configuration.

Ivanti Neurons for MDM 90 - New features summary

General features and enhancements

Updated the Reports workflow: The report creation, summary, event range, and distribution steps are updated. Select all check box is added to select all the columns that are displayed in the list.
- New filters are added for all application reports: The All Applications, Most Used Apps, and Unmanaged Apps reports now have the following new filter options:
  - Platform Type
  - Source
  - Custom Attributes
  - Managed
  For Unmanaged Application report App Identifier is added as a default column.
- Progress bar is displayed on the report type: A progress bar is displayed on the report type to indicate the report generation status.
For more information, see Using Custom Reports and Using Scheduled Reports.
New rules are added to the rule builder: The following new rules are added to the rule builders for Advanced Search, Device Groups, Distribution Filters, and Spaces:
- Sentry Blocked - The Blocked attribute is renamed to Sentry Blocked. Previously the Blocked status referred to the status of blocked devices from Sentry.
- Access Blocked - For devices that are blocked by Access.
  Ivanti is enhancing Ivanti Access to report blocked device status to Ivanti Neurons for MDM and has tentatively scheduled this integration for the second quarter of 2023. Until Ivanti has completed this integration, the Access Blocked rule will not work as expected.
- Compliance Action Blocked - For devices that are blocked by the Ivanti Neurons for MDM administrative portal.
  For more information, see Custom Policy, Managing Spaces, Device Groups, Distribution Filters, and Getting Started with Devices.
Branding update: MobileIron Go app is now re-branded to Ivanti Go on Android and iOS platforms.
Numeric data type is introduced in Custom Device Attributes: You can now specify numeric values for custom device attributes. The attribute will appear in the rule builder when you create devices or device groups. For more information, see Attributes.
Specific attributes are supported while provisioning users from Azure AD: User provisioning Azure AD lets you sync specific core and enterprise attributes. For more information, see Configure Attributes in SCIM User Provisioning.
Converged tenants have access to specific pages in Ivanti Neurons for MDM: The following sections are not applicable for tenants who have access to both Ivanti Neurons for UEM and Ivanti Neurons for MDM:
- Admin > System > Roles Management
- Admin > System > Spaces
- User > Users > Action > Assign Roles
- User > user details > Assign Roles icon
  For more information, see Roles Management and Spaces.
Updated name for On-premises Certificate Authority: The on-premises Certificate Authority is now updated to on-premises non-SCEP Certificate Authority on the Ivanti Neurons for MDM administrative portal. For more information, see Certificate configuration.
Audit Trail Actions menu is added: Actions drop-down menu is added to the Audit Trails page with the following options:
- Configure Audit Trail Export Setting: The option is now moved from above the columns to the Actions drop-down menu.
- Export to CSV: You can now download Audit Trail records in CSV format.
Grouped View is removed from Audit Trails: Grouped and expanded views are removed from the Audit Trails page. For more information, see Working with Widgets.
Device Cleanup Settings is introduced: You can retire or delete unused devices using the Device Cleanup Settings page. For more information, see Device Cleanup Settings.

Android features

MAC Address Randomization: On Android 13+ devices, the MAC Address Randomization options have been added to the Wi-Fi Configuration section. For more information, see Wi-Fi Configuration.
Zebra FOTA Patch upgrade: Zebra FOTA Patch upgrades will not be supported on Android 11+ devices as per design changes from Zebra. However, Full Upgrades will continue to be supported. For more information, see Enrolling Zebra OTA Service.
Zebra Configuration OS updates: Most granular choices are now available to manage Zebra firmware updates. For more information, see System Update Configuration.
Wi-Fi support for TLS: The administrator has options to provide "outer-identity" when EAP type is TLS, and also for Domain. For more information, see Wi-Fi Configuration.

iOS, macOS, and tvOS features

Automatic renewal of macAgent certificates: Starting this release the macAgent certificate is automatically renewed within 45 days of expiry.
Configure DNS Proxy Settings: As the Ivanti Neurons for MDM administrator, you can configure DNS Proxy settings using the DNS Proxy Configuration for users of iPhone and iPad devices. You can use the DNS Proxy payload to specify the application that provides the DNS proxy network extension and other vendor-specific values. For more information, see Creating DNS Proxy Configuration.
Support for ACME Payload: Starting this release ACME configuration is supported. For more information, see Identity Certificate.

Windows features

App Inventory interval for Windows apps: The App Inventory interval for Windows apps has been updated to 24 hours, by default. The administrator can set any value ranging from 24 to 48 hours as the interval value. For more information, see Configuring app inventory intervals.
Update version information for .EXE apps: The administrators can modify the app version in the App Catalog to keep the Display Version and Bundle Version consistent. This can be done only when editing the app, and not during app upload. When the version information under the Display Version section is updated, a pop up appears on the screen to confirm that changing the Display Version also changes the Bundle Version and if you want to proceed further. Click OK to update the information under the Display Version and Bundle Version sections. Click Cancel and the update will not happen in either of the sections. For more information, see App Catalog.
Windows Custom SyncML Log: The Windows Custom SyncML Log information is now available under the Logs section. For more information, see Pushing SyncML to Devices using Custom Configurations.
Configure the Windows MSI apps pre and post-installation scripts, and generic files: The administrator can now configure pre and post-installation scripts and files, which are executed on the devices before and after the MSI installation respectively. For more information, see Managing Windows Applications.
Collecting the .EXEs inventory: The .EXEs inventory is also collected when the Privacy Configuration is using the default configuration to collect App Inventory only for App Catalog. For more information, see Privacy Configuration.

ChromeOS features

The ChromeOS platform support is added from the current release and the following features are NOT available on FedRamp.

Device action - Lock ChromeOS devices: The administrator can lock ChromeOS devices that are registered with Google Admin Console. For more information, see Locking a Device.
Device action - Unlock ChromeOS devices: The administrator can unlock ChromeOS devices that are registered with Google Admin Console. For more information, see Unlocking a Device.
Device action - Wipe ChromeOS devices: The administrator can wipe ChromeOS devices that are registered with Google Admin Console. For more information, see Wiping a Device.
ChromeOS Device Logs: For all the ChromeOS devices, the Device Log information is available on the Device Details page, under the Logs tab, as available on other platforms like Android and iOS. The device log will have information like the actions that are performed on devices, status of the actions, etc.
ChromeOS Blueprint Configuration: The ChromeOS Blueprint Configuration uses the same settings that are available for the Google Admin Console. These settings will be distributed to the devices under LDAP User Groups only. For more information, see ChromeOS Blueprint Configuration.
Android app distribution on ChromeOS devices: The Android apps available on App Catalog can be distributed to ChromeOS devices. For more information, see Distribute Android apps to ChromeOS devices.

Ivanti Neurons for MDM 89 - New features summary

General features and enhancements

Branding updates:
- The favicon for Ivanti Neurons for MDM is updated to reflect the branding changes.
- The new Ivanti Neurons for MDM logo has been included in all the images that have descriptive text.
- User branding updates to include favicon and logo.
Added Self-service portal enrollment setting: As an administrator, you can create a self-service portal enrollment setting (SSP setting) in the Ivanti Neurons for MDM administrative portal and distribute the SSP setting to selected user groups. This setting lets you display or hide the device enrollment prompt banner for specific users. The Show device enrollment prompts toggle button is added in the SSP setting that helps you do the following:
ON: Display the registration banner

OFF: Hide the registration banner

For more information, see the Configuring the Self Service Portal Enrollment Setting topic on the User Settings page.
Explicit permissions to view license information from the account flyout: Administrators now have the option to create a Cross-Space role with the View Licenses permission option that lets users view the licensing section in the account flyout. The license information is visible by default for the following roles:
- User Management
- System Read Only
- System Management
For more information, see Roles Management.
Device Compliance Status Sync action is added to the Devices page: The Ivanti Neurons for MDM administrative portal lets you sync the device compliance status with Microsoft Azure InTune to ensure that users are able to access Microsoft Office 365 applications. For more information, see Getting Started with Devices.
Sync and associated filters are added to the Users page: You can now filter LDAP users and their count in the following ways:
- Direct Sync
- No Sync
- Indirect Sync
- N/A
For more information, see Finding and Filtering Users.
New rules are added to the IP address filter for creating Device Groups: The administrative portal lets you create device groups based on IP Address using the following new rules:
- is blank
- is not blank
For more information, see Device Groups.
Advanced Search functionality in App Catalog: The Search feature in App Catalog has been improved to fetch the apps that match very closely to the app attributes. For more information, see App Catalog.
Compliance and Blocked columns are added to the Devices page: The Devices page now lets you sort the list of devices by Compliance and Blocked status columns. The columns can be sorted in ascending and descending order. You can click the settings (gear) icon to select and view the columns.
Users page displays visual pillbox for the selected filtered value: When you select a filter value for users, the filtered results are narrowed. In this release, pillboxes are added for each filtered item to indicate the selected value. You can clear the filtered value to remove the filter.

Android features

Enable AMAPI / COSU on all tenants, by default: The administrator does not have to enable AMAPI to have COSU support. By default, the AMAPI support is enabled now.

For more information, see Android Management API.
Screen Management options: The administrator can now configure the screen brightness, orientation, and timeout options on the devices in Device Owner and Device Owner (AOSP) modes.

For more information, see Lockdown and Kiosk: Android Enterprise.
Delete option for Wipe Pending devices: The administrator can now use the Delete Device option to delete devices in the Wipe Pending state from the Device Details page.

For more information, see Wiping a Device.
Set Wi-Fi Security Level on Android 13+ devices: The administrator can now set the Minimum Required Wi-Fi Security Level for devices in Device Owner (including AOSP) and EPO modes.

For more information, see Lockdown and Kiosk: Android Enterprise.
Managed app feedback support on AMAPI devices: The managed app feedback mechanism is now supported on AMAPI devices.

For more information, see Android Management API.

iOS, macOS, and tvOS features

Time Zone field is added in the Device Enrollment Profile form: You can specify the device time zone in the Device Enrollment Profile and the device will be configured in the specified timezone. For more information, see Device Enrollment.

Windows features

Add the ability to import a Windows Store app by searching using the App Name or AppStore ID: When adding a Windows Store app to the App Catalog, the administrator can now search and add the Windows app either by using the App Name or AppStore ID.

For more information, see App Catalog.
Configure the Windows exe apps pre and post-installation scripts, exe files, and generic files: The administrator can now configure pre and post-installation scripts and files, which are executed on the devices before and after the exe installation respectively.

For more information, see Managing Windows Applications.
Add Windows Tunnel app to Business Apps: The Windows Tunnel app can now be added from the Business Apps section because the Microsoft for Business will be deprecated soon.
- If planning to use the Tunnel VPN app via Business Apps and if the Privacy policy is active on the devices, it is recommended that the administrator should enable the non-store and app store inventories, to avoid re-push of the VPN app.
- In case the store version of the app is imported to the catalog and distributed for a non-AAD user, then if the administrator deletes this version and imports the in-house app from the Business app page, the app neither gets installed nor uninstalled because the Tunnel app is not removed from the end user's device.
- For non-AAD users, when a privacy policy is enabled to fetch non-store & store app inventory for Windows and when the master inventory table has Tunnel app as IN_HOUSE, after inventory collection the app will be displayed as unmanaged and Ivanti Neurons for MDM will not be able to uninstall the app during un-distribution or deletion from the catalog. However, it would be removed on retired.

Ivanti Neurons for MDM 88.1 - New features summary

General features and enhancements

Branding-related updates on the administrative portal: As part of the branding updates, the administrative portal now displays the following changes:
- MobileIron Access - Ivanti Access
- MobileIron Tunnel - Ivanti Tunnel
- MobileIron Authenticate - Ivanti Authenticate
- MobileIron Cloud - Ivanti Neurons For MDM
- Cloud - Ivanti Neurons For MDM
- MobileIron EMM - Ivanti Neurons For MDM
- EMM - Ivanti Neurons For MDM
- MobileIron - Ivanti
New device attribute on the Devices Export to CSV page: The Device attribute, Blocked, has been added to the existing list of Device attributes. When you export the Devices report to a CSV file, the report lists Blocked as one of the columns.
Permanent Reports feature is removed: Starting from the current release, the permanent report feature will be removed. The reports that were previously marked permanent will now be updated to standard reports that can be deleted. An indicator appears beside a standard report indicating that the report was formerly a permanent report. For more information about standard reports, see Using Custom Reports and Using Scheduled Reports.
New attributes are added to Device Basic search filter: The following attributes are added to the Device Basic search filter:
- Blocked
- Compliance
New attributes are added to Custom Policy rule builder: The following attributes are added to the Custom Policy rule builder:
- Blocked
- Compliance
  For more information, see Custom Policy.
Updated appearance of check boxes: The appearance of all the check boxes in the Ivanti Neurons for MDM administrative portal are updated.
Azure Device Compliance is added to Audit Trails filter category: A new audit trail log is generated when the device compliance status is updated in the Azure portal. For more information, see Filtering Audit Trail activities in Working with Widgets.
Support for Custom Attributes in Apps: Starting from the current release, you can create custom attributes for applications. The following updates are introduced:
- You can assign custom attributes to multiple applications at once or to an individual application from the Apps > App Catalog page.
- A new Attributes tab is introduced on the Apps > App Catalog > Details page. You can use the Attributes section to add a custom attribute to a single application.
- When you assign custom attributes to multiple applications at once, the attributes are assigned to all the versions of the applications.
- The custom attributes are also available on the following tabs. You can add them to the columns to view the associated values and they also appear in the report when you export the page to a CSV file.
  - Devices > App Inventory
  - Device Details > Installed Apps
  - Device Details > Available Apps tabs
- When you create a report from Dashboards > Report, you can include the Custom Attributes column from the Report Columns page for the following report templates:
  - All Applications
  - Most Used Apps
  - Unmanaged Apps
For more information, see Assigning Custom Attributes to Apps and Attributes.
Renewed certificates installation: Renewed identity certificates pushed from Ivanti Neurons for MDM now install on Android devices. Previously, the configuration state on the Device details page of Android devices in the administrator portal used to change from "installed" to "Pending Install." With this release, the configuration state remains as "installed."
Support to upload and download more records using the Bulk Enrollment Profile option: The administrator can now upload and download 200000+ records using the Bulk Enrollment Profile option. For more information, see Bulk Enrolling devices using CSV file upload.
Support to Delete apps from the App Catalog section: The administrator can now delete some or all the in-house apps from the App Catalog page. For more information, see Deleting Apps from the App Catalog.
The managerId attribute values do not sync: The manager ID attribute values do not sync during migration from Azure AD in the current release.

Android features

Remove the Retire action on devices in Device Owner / Enhanced Profile Owner / Company-Owned Personally Enabled modes: On Android Enterprise, the Retire action is now removed from the devices on Device Owner / Enhanced Profile Owner / Company-Owned Personally Enabled modes. For more information, see Setting up Android Enterprise.
Additional support for in-house APKs on Android: The APKs with certificates having v1, v2, v3, and v4 signatures are supported now.

iOS, macOS, and tvOS features

Introduced Autonomous Single App Mode Configuration: The Autonomous Single App Mode Configuration is introduced in the current release. This configuration lets you ensure that only specific applications run on a device. For more information, see Create Autonomous Single App Mode Configuration.
New fields are added to the Software Updates configuration: The following fields are added to the Software Updates configuration:
- Priority - Specify the priority of the software update.
  Possible values - Low, High
- Max User Deferral - Specify the maximum number of times the system allows the user to postpone an update before it is installed. The system prompts the user once a day. This setting is supported only when you select the Install Later option.
  Possible value - Integer
  For more information, see Configuring software updates for Non-DEP and DEP macOS devices in Software Updates.
New fields are introduced in the Web Clip configuration: The following new fields have been added to the Web Clip configuration:
- Ignore Manifest Scope
- Target Application Bundle Identifier
For more information, see Create a Web Clip Configuration.
Web Content Filter configuration fields are updated: The following fields are deprecated and replaced with the corresponding fields:
- Blacklisted URLs - Use Deny List URLs
- Whitelisted Bookmarks - Allowlisted bookmarks
  For more information, see Web Content Filter.

Windows features

Support to specify Windows app installation date: When installing an app in Silent mode, the administrator can now specify the date on which the app installation should be done. For more information, see Windows app scheduling.
MobileIron Bridge rebranding: The MobileIron Bridge has been rebranded to Ivanti Bridge. For more information, see Bridge and Getting Started with Devices.
Bridge client rebranding: The Bridge client has been rebranded to Ivanti Bridge. For more information, see Bridge.
MSI apps installation during Autopilot enrollment: The MSI apps will be installed in Self-deploying and Pre-Provisioned modes during the Autopilot enrollment process. For more information, see Configuring Windows Autopilot Profiles.
MSI app management on Windows devices: In user-less mode, the MSI apps can be provisioned on Windows devices, which means the MSI apps can be installed on devices even when a user is not logged into the device. For more information, see Managing Windows Applications.

Ivanti Neurons for MDM 87 - New features summary

General features and enhancements

User Provisioning Azure Active Directory page displays IDP attribute: The Attribute Type column displays IDP attribute in the Custom Attributes table in the Edit Settings section of the User Provisioning Azure Active Directory (AAD) page. For more information, see User Provisioning-Azure Active Directory.
Updated Terms of Use: Ivanti has updated the Terms of Use presented by the welcome wizard and available by clicking the Terms of Use link in the Ivanti Neurons for MDM Admin Portal footer.
Graceful handling of csv errors during bulk enrollment of devices: Ivanti Neurons for MDM gracefully handles errors in the csv files an administrator uses to bulk enroll devices, enrolling devices corresponding to valid csv records, and not enrolling devices corresponding to invalid csv records.
Branding-related updates in the administrative portal: As part of the branding updates the administrative portal now displays the following changes:
- Copyright - The copyright statement is updated to reflect the brand changes.
- Strings and messages - All the strings that display MobileIron Cloud are updated to Ivanti Neurons for MDM.
- Logos - The logos are updated to reflect the branding.
- App Catalog - All the strings and messages that display MobileIron Cloud are updated to Ivanti Neurons for MDM.
Branding-related updates in the Self-Service portal: The strings and logos used in the Self-Service portal that refer to MobileIron Cloud are updated to Ivanti Neurons for MDM.
Optimize the Export to CSV option for User Provided certificates: User provided certificates can be exported using the new User-Provided Certificates tab in the Certificates Management page. The Export to CSV button lets you download the certificates that were uploaded by the users. The advance search option is also available for you to search for specific certificates. For more information, see Certificate Management.
Updated appearance of buttons: The look and feel of all the buttons in the Ivanti Neurons for MDM administrative portal are updated.
Bulk enrollment permissions are added under Devices with Cross-Space Role: You can assign Bulk Enrollment permissions to the devices that are assigned with Cross-Space Role from the Roles Management page. For more information, see Roles Management.
Rename policy compliance action Block via Sentry to Block: The policy compliance action Block via Sentry has been renamed to Block. This Block action applies to both Sentry and Access. For more information, see Working with Policies.
Add custom attribute values for Managed app config: When custom attribute values are added by the administrator, these values can be referenced with custom, user, or device attribute updates. For more information, see Attributes.

Android features

Network and Security logging using the Device Logging configuration: The Device Logging configuration enables an administrator to request debug logs. These debug logs can include or exclude bug reports of specific Android devices. For more information, see Device Logging configuration and Configuration Types.
Generate QR code for bulk enrollment of devices: Administrator can now generate a QR code to enroll devices in bulk mode. This QR code can also be emailed to all the required users. For more information, see Bulk Enrolling devices using CSV file upload.
Support for FIDO Authentication: As part of FIDO-based authentication, SAML now supports including a username in an authentication request. The Allow FIDO Auth option is added to the Lockdown configuration. For more information, see Configure Identity Provider and Lockdown and Kiosk:Android Enterprise.
Allow users to update the location-based services: Administrators can now let users allow or disallow the location-based services when needed. For more information, see Privacy Configuration.

iOS, macOS, and tvOS features

macOS 13-related features
- Enhanced options in SSO Configuration: The following extensions are added to the SSO Configuration:
  - Extensible single sign-on account settings:
    - Authentication Method
    - Registration Token
  - Extensible single sign-on Kerberos account settings > Preferred Key Distribution Centers:
    - Allow Platform SSO Auth Fallback
    - Perform Kerberos Only
    - Use Platform SSO TGT
    For more information, see Single Sign-On Configuration.
- New macOS restrictions: The following restrictions can be added for devices with macOS 13:
  - Allow Rapid Security Response Installation
  - Allow Rapid Security Response Removal
  - Allow USB Restricted Mode
  - Allow Universal Control
  - Allow UI Configuration Profile Installation
New iOS restrictions are added: The following restrictions can be added for devices with iOS 16:
- Allow Rapid Security Response Installation
- Allow Rapid Security Response Removal

Windows features

Add new hardware attributes to Reports: New hardware attributes have been added to the Device group attributes list. These attributes can be used to create Reports as well. For more information, see Using Custom Reports.
Support to configure Start menu layout on Windows 11 devices: Administrators can now configure the Start menu layout on Windows 11 devices. For more information, see Start menu and Taskbar.

Ivanti Neurons for MDM 86.1 - New features summary

General features and enhancements

Branding-related updates: As part of the branding updates the administrative portal now displays the following changes:

Login page - The appearance of the login page is updated.
About Ivanti - The About statement is updated to reflect the branding.
Privacy Policy - The privacy policy now displays the policy details on the Ivanti, Inc official website.
Copyrights - The copyrights statement is updated to reflect the brand changes.

License name is updated: The MobileIron Gold License name is updated to Secure UEM Premium License in the Admin > Microsoft Azure > Office 365 App Protection page.
Sentry certificates will be validated: Previously, the Sentry certificates were not validated while creating the Sentry profile. Starting from this release, if any of the following conditions do not meet for Sentry server TLS certificate, the Ivanti Neurons for MDM administrative portal will display the related error or warning message:
- If the leaf certificate does not contain a chain to any certificate authority or if there is no certificate authority in the uploaded file - error
- If there is no root certificate authority available - warning
- If the root certificate authority has not signed off the intermediate certificate authority for the leaf certificate - warning
- If the rules that are mentioned in the following URL are violated: - warning
  https://support.apple.com/en-us/HT210176
For more information, see Setting Up AppTunnel.
Updated appearance of buttons: The look and feel of all the buttons in the Ivanti Neurons for MDM administrative portal are updated.
Optimize the Export to CSV option for DEP enrolled devices: Device details can be exported using the new Export to CSV button from the Device Enrollment page. For more information, see Device Enrollment.
Report table column headings are updated: The table column headings of the Reports page are updated as follows:

Column heading labels are updated
Sorting is implemented on all columns
Toggle for Enable/ Disable report is now available when you view the report
The date format is updated to YYYY-MM-DD

Set Admin Notifications for new Public App Versions in Apple Store or Google Play: The administrative portal displays notifications when new versions of applications are available. You can set the notifications from the Catalog Settings page. The feature is applicable for iOS, Android, and macOS public applications. The administrator can set the frequency of notifications as follows:
- Once a day
- Once a week
For more information, see Catalog Settings.
The Retry Install on Error option is available separately: The Retry Install on Error option is added to the Device Configurations under Space-Specific Role to allow users to retry application installation if there was an error. Previously, the Retry Install on Error option was part of the Device Management role. If you add the Device Management role, all the associated permissions were added to the role. For more information, see Roles Management.
The Bulk Assign Via Upload option is available separately: The Bulk Assign Via Upload option is now available for the administrator to add to a custom role from the Device Actions menu. Previously, the Bulk Assign Via Upload option was available as part of the Device Management role. If you add the Device Management role, all the associated permissions were added to the role. For more information, see Roles Management.
Edit option is added for the Reports-Action menu: The Action drop-down menu in the Reports page now contains the Edit option to allow the administrator to edit the report. For more information, see Using Scheduled Reports and Using Custom Reports.
Azure device compliance fields are included in the CSV export: The following Azure device compliance fields will be populated in the CSV file when you export the devices list from the Device or the Device Groups page. This function is applicable for iOS and Android devices.
- Azure Device Identifier
- Azure Device Compliance Status
- Azure Client Status Code
- Azure Device Compliance Report Time
- Azure Intune Device User UPN
For more information, see Getting Started with Devices and Device Groups.
Use the package ID of the receipts for MIP packages with no applications: When importing MIP applications in the app catalog the administrative portal generates the package ID based on the receipts if there are no applications in the MIP package. The first receipt is selected when there is more than one receipt.
Optimize Export to CSV for Users by User Group details (UI updates): The User Group details can be exported using the Export to CSV option from the User Groups page.
Support to onboard extension apps on AMAPI devices: During the device enrollment process, an extension app will be distributed to the AMAPI device in COSU mode. For more information, see Android Management API.
Enhanced autocomplete security: Ivanti Neurons for MDM no longer prompts users to save for later autocomplete use the values in fields containing sensitive information.

Android features

Remove TeamViewer Activation for Help@Work: It is now possible to remove the TeamViewer Activation for Help@Work using the Remove Activation option. For more information, see Help@Work.
Support for app restrictions and permissions on In-house apps for Android devices: The administrator can now set restrictions and grant or revoke permissions on In-house apps for Android devices. For more information, see Managed Configurations for Android.
End of service for Samsung E-FOTA licenses: Samsung has announced the end of service for E-FOTA by the end of July 2022. So, the Samsung E-FOTA License Management will not be available from now on. For more information, see Samsung E-FOTA License Management.
Support for Always-on configuration in COSU mode: When an app with an Always-on configuration is pushed to a COSU-enrolled device, the configuration also gets pushed to the device. For more information, see Always-on VPN Configuration.
Onboarding the Setup apps in COSU mode for AMAPI devices: When enrolling an AMAPI device in COSU mode on Ivanti Neurons for MDM, Ivanti Go should be distributed by default as a companion (aka extension) app. For more information, see Android Management API.

iOS, macOS, and tvOS features

Added User’s Screen Saver Configuration: The User’s Screen Saver Configuration is added to the Configurations page to enable the administrator to configure the user's screen saver details on the device. For more information, see Configure User's Screen Saver.
Specify the duration to retry login attempt in Passcode Configuration: The administrator can specify the wait duration in the Minutes until failed login reset field on the Passcode Settings Configuration page to allow the user to retry logging in after the user reaches the maximum number of unsuccessful login attempts. For more information, see Passcode Configuration.
Create Home Screen Layout Configuration updated: The Device channel distribution option is added in the Create Home Screen Layout Configuration. For more information, see Home Screen Layout Configuration.
Support for pushing OS software to multiple devices: The administrator now has option to select multiple devices and push OS software update from the administrative portal Devices page to multiple devices. All the eligible iOS devices from the selected devices can be updated to the latest version or the specific version specified by the administrator.
Support for iOS applications on Apple Silicon devices: Starting from this release the iOS applications that are enabled to Allow app installation on M1 Devices upon distribution, are listed in App Catalog and Mobile@Work for macOS. You can install these applications from App Catalog and Mobile@Work for macOS.
Search is applied on Apple Device Enrollment account page: The Apple Device Enrollment Account list page allows you to perform a search on the following columns:

Name
Apple Account Name

For more information, see Device Enrollment.

Support to skip Terms of Address: Administrators can now allow users to skip the Terms of Address pane during device setup. For more information, see Device Enrollment.
Support for the new setting EnableXLAT464 in cellular configuration: You can now select EnableXLAT464 as part of the cellular configuration of iOS devices. This option provides IPv4 services over an IPv6-only network. For more information, see APN Configuration.
Support for extended iOS MDM CA challenge: Currently, the iOSMDMCA Challenge expiry is set to 20 minutes. You can enable the following feature flag to extend the expiry to six hours:

feature.migration.ca.challenge.override.enabled
Updated settings for shared iPad devices: The following settings are available from the Ivanti Neurons for MDM administrative portal for shared iPad devices:
- Set Online Authentication Grace Period: Currently, a Shared iPad requires the device be connected to the internet when a user attempts to sign in. Starting from iPad OS 16, a shared iPad can default to using the local password for existing users on the device and requires no network connection. As an administrator, you can choose to either enforce the remote authentication to always or set the grace period to a specific number of days. For more information, see Device Enrollment.
- Display default domains on the login screen: Starting from iOS 16, shared iPad devices will display Apple ID domains with the user name field, for the user to select during login. For more information, see Device Enrollment.
New iOS restrictions are added: The following restrictions can be added for devices with iOS 16:
- Allow Rapid Security Response Installation
- Allow Rapid Security Response Removal

For more information, see iOS Restrictions .

Windows features

Support to create Azure AD (AAD) Groups: The administrator can now create AAD Groups that can be assigned to Autopilot Profiles. For more information, see Configuring Windows Autopilot Profiles.
Option to select an authentication certificate store to connect to the Wi-Fi network: The administrator can select one of the following three authentication certificate stores to connect to a Wi-Fi network:
- Machine or User
- Machine
- User
For more information, see Wi-Fi Configuration.
Support to configure reboot option post app installation: The administrator can now configure Reboot Device after Install option for an app from the App Configuration section. For more information, see App Configuration.
New Device attributes for creating Device groups: When creating new Device groups, the following Device attributes have been added to the existing list of Device attributes:
- BitLocker Encryption
- OS Edition
- TPM version
For more information, see Device Groups.
Improvements to the Deployment Package process: The Deployment Package process has been improved now when enrolling the EPM and SCCM devices to Ivanti Neurons for MDM. For more information, see Provisioning Package Enrollment with PIN.

Ivanti Neurons for MDM 85.1 - New features summary

General features and enhancements

MobileIron Cloud is now Ivanti Neurons for MDM: You can see the Ivanti Neurons for MDM logo on the following pages of the administrative portal and the self-service portal:
- The login page - administrative portal and self-service portal
- The left navigation bar in the expanded and collapsed state - administrative portal
All the instances of Cloud are also updated to Ivanti Neurons for MDM in the Ivanti Neurons for MDM Administrator Guide.
Enhanced appearance of text fields: The appearance of the text fields is enhanced in the Ivanti Neurons for MDM administrative portal.
Enhancement to the Devices page: The Device Group Name filter is added to the Manage Filters wizard on the Devices page. For more information, see Finding and Filtering Devices.
Updated steps to Edit Settings in the User Provisioning Azure AD page: The steps to edit the settings to modify Azure AD user provisioning and to add custom attributes from the directory setting are updated. For more information, see User Provisioning Azure Active Directory.
Filter introduced to the Users page: The Manage Filters wizard is introduced on the Users page to enable search from various sections that are available in the Filter side navigation bar. For more information, see Finding and Filtering Users.
Buy More Licenses and Upgrade Now buttons are retired: The Buy More Licenses and Upgrade Now buttons are removed from the Account side navigation bar and the Upgrade Options page of the Ivanti Neurons for MDM administrative portal as follows:
- Account > Buy More Licenses (button)
- Account > License Info > Upgrade Now (button)
- Account > License Info > Buy More Licenses (link)
Install application only at registration: You can now install an application during device registration to help users with required on-boarding applications. If a user deletes an application from the device, the server does not push the application again. This is applicable for iOS, Android, and macOS (not applicable for macOS public apps). For more information, see App Configuration.
New asynchronous process for the Send Install/Update Request command for iOS apps: When you use the Send Install/Update Request command, the administrative portal displays a message that the:
- process will continue to run in the background
- process is complete
- status whether the process is successful or if there are any errors
Set the frequency of application notifications: Native app catalog receives notifications when the application updates are available in Apps@Work. The administrator can configure end-user notifications for new application updates that are available in App Catalog and set the frequency as follows:
- Once a day
- Once a week
For more information, see Catalog Settings.
Native AppCatalog branding is enabled: Branding features are supported for the integrated native App Catalog.
Optimize Export to CSV for Users (UI updates): The user details can be exported using the Export to CSV option from the Users page. After the download is complete, the user will be prompted with an option to either Download or Delete the report. For more information, see Exporting Users.
Optimize Export to CSV for Devices by Device group based on Device count (UI updates): The Device details can be exported using the Export to CSV option from the Devices page. After the download is complete, the user will be prompted with an option to either Download or Delete the report. For more information, see Device Groups.
Optimize Export to CSV for Devices by Device group (UI updates): The Device details can be exported using the Export to CSV option from the Devices page. After the download is complete, the user will be prompted with an option to either Download or Delete the report. For more information, see Device Groups.
Support to enable all AE modes along with missing rules in the Spaces rule builder: The 29 partition rules which were not available in the space rule builder are added now. The list includes all the rules which were present in the device group rule builder but missing in the space rule builder. In addition to the missing AE mode rules, other missing partition rules that were present in device groups are added to the space rule builder. For more information, see Managing Spaces.

Android features

Device battery status: The device battery information like the Battery Level, Health Status, Charging Status, Health Percentage, Manufacture Date, and Charging Cycles is now available on the Device details page. For more information, see Getting started with Devices.
Simplified Re-registration process on Android devices: The administrator does not have to clear the existing entry when the device tries to re-register in any mode on the same tenant. For more information, see Device Registration (iOS, macOS, and Android).
Support for variable substitution: The administrator can now provide substitute variables in the managed app configuration for all the apps in AMAPI (Android Management API) dependent modes. For more information, see Managed Configurations for Android.
Push device settings and restrict configuration fields: The administrator can now push the device settings or settings with values to devices in the managed app configuration. Also, the administrator can set some restrictions when managing apps to control which fields to be sent to the devices. For more information, see Managed Configurations for Android.

iOS, macOS, and tvOS features

Support for Python and Swift script types and custom variables: The All Scripts page now supports Python and Swift script types and custom variables. These new scripting languages will be supported only on devices that contain client version 85 or higher. For more information, see All Scripts.
Updated Client Registered device status indication: Previously, for Mac devices, the Client Registered status field in the Device Overview tab was not set correctly. Starting from the current release, if a Mac device has the Mobile@Work for macOS client registered, the Client Registered status indicates Yes.
iOS VPP applications can be installed on M1 Mac devices: You can now install iOS VPP app on M1 Mac devices as managed application and the following operations are supported:
- In the Install app configuration settings select the Install as managed app option
- Select or deselect one or more of the following options from the Apple Management Settings:
- Add an Apple Managed App Configuration
The Allow Mail Privacy Protection restriction is added to the iOS Restrictions Configuration: The Allow Mail Privacy Protection restriction is added to the iOS Restrictions Configuration. This option helps protect your privacy by preventing senders from learning about your email activities. When the Allow Mail Privacy Protection configuration is installed and enabled from the Ivanti Neurons for MDM administrative portal, the Protect Mail Activity toggle is enabled on the device and the following options are visible:
- Hide IP Address - The email sender cannot link the email to your online activity or determine your location
- Block All Remote Content - Prevents the email sender from seeing your email activities
For more information, see iOS Restrictions.
The Allow Apple TV's automatic screen saver restriction is added to the Create iOS Restrictions Configuration: The Allow Apple TV's automatic screen saver restriction is added to the Create iOS Restrictions configuration. For more information, see iOS Restrictions.
Screen Saver configuration is added for macOS devices: The Screen Saver configuration is added to the list of existing configurations for macOS devices. This configuration is supported for macOS 10.11 and higher versions. For more information, see Create Screen Saver Configuration.
New settings are added to firewall configurations: The following new options are added to the Mac device firewall configuration:
Sorting applied on Apple Device Enrollment account and profiles pages: The Apple Device Enrollment Account list and the Device Enrollment Profile page allow sorting. Sorting is applicable in the following columns :
The sorting does not persist when you navigate away from the page.
Profiles page:
- Profile name
- Description
- Department
- Support Phone number
Accounts page:
- Name
- Apple Account Name
- Last Sync
- Token Expires
For more information, see Apple Device Enrollment.

Windows features

Windows Updates page enhancements: The Windows Updates page has new columns that provide additional information about the updates distributed to different devices. The Windows Updates page will now provide the number of devices that are eligible to install updates, failed updates, etc. For more information, see Windows 10 Update Management.
Support for ARM on Windows devices: Ivanti Neurons for MDM now supports Windows ARM-based devices.
View devices by build version on Windows devices: The administrator can create Charts using Widgets to filter out the Windows devices based on the build versions. These charts allow admins to see devices by their Windows OS Update build version, providing a global view of the patches applied. The administrator can even filter out the devices based on the OS build version. Users can click on the Number of devices link to view a filtered list of the devices on any particular OS build version. The filtered list helps the administrator to verify if the updates and patches have been applied to Windows devices on a particular build version or not. If the patches and updates are not installed correctly, the administrator can troubleshoot to resolve the issues. For more information, see Dashboard.
App dependencies on Windows devices: The administrator can set dependencies for certain apps on Windows devices now.

Case 1: The Bridge app is a prerequisite app which is not distributed, and the main app is an exe which is distributed silently. When the dependency is removed, the Bridge app will be uninstalled, but the exe fails after this step. The administrator should make sure that the Bridge app is not undistributed by default.

Case 2. Prerequisite app is undistributed, and a main app is distributed normally (not in Silent mode). In case the prerequisite app successfully installs, but main app fails to install, then immediately the prerequisite app fails retry of failed main app only when the user triggers as install request.

For more information, see Deploying app dependencies.

Ivanti Neurons for MDM 84.1 - New features summary

General features and enhancements

Access app details from the App Inventory: Administrators can click an application link from Devices >App Inventory to navigate to the corresponding application details page in the App Catalog. For more information, see App Inventory.
Persistent App Inventory search results: Clicking the browser back button from the Devices page arrived at after having clicked the device number link in App Inventory search results invokes the App Inventory page with original search results loaded.
One-click view from the App details page of all versions and inventory details of a specific app: An administrator can click the View App Inventory (all versions) link from Apps > App Catalog >selected app to view in Devices > App Inventory a filtered list by bundle ID of that app. For more information, see Viewing app inventory information from app details page.
Search app inventory by bundle/package ID: Administrators can search Devices > App Inventory by name or bundle/package ID. For more information, see App Inventory.
Device registrants can specify device ownership during enrollments involving an idP (Identity Provider) flow: When Ivanti Neurons for MDM captures device ownership information during enrollments involving identity providers, administrators can avoid having to manually assign device ownership after enrollments.
Display of workflow images in User Provisioning Azure AD page: The User Provisioning Azure AD page in the Ivanti Neurons for MDM administrative portal displays the workflow stages of users and user group migration from Azure AD to Ivanti Neurons for MDM. For more information, see Azure Active Directory User Provisioning
Import YAML file to create and edit configuration: Ivanti Neurons for MDM administrators can use a YAML file to create or edit a configuration from the Configurations page. For more information, see Working with Configurations.
Support for pushing configurations to devices specific to spaces: Configurations can be pushed to devices specific to spaces and the devices in other spaces remain unaffected. The configurations can be pushed to either a single space or multiple spaces or all spaces at a time. For more information, see Working with Configurations.
Pagination is implemented to display long list of users: When you search for users in LDAP > Manage Users page and if there is a long list of users, the Ivanti Neurons for MDM user interface does not display all the users. This issue is now fixed. At a time 15 users are visible and as you scroll the next 15 users are displayed.
Improved certificate retrieval from connector: When Ivanti Neurons for MDM requests the connector to generate an external certificate, and if the connector is not reachable, Ivanti Neurons for MDM waits at the following intervals. During the wait interval, Ivanti Neurons for MDM does not process any new certificate generation requests for the configurations that are linked to specific Dynamically Generated Identity Certificate (IDDG). However, if a certificate generation is successful after any level of wait time, then the current wait time at any level is cleared and all the subsequent requests are processed. The wait time is set to level 1 at the subsequent failure.
- level 1=5
- level 2=50
- level 3=500
Updated message in the Enrollment and the Remediation pages for Android devices: The Enrollment and Remediation pages display an updated message on Android devices in any of the following conditions:

If an Android device is not enrolled in Azure Active Directory (AAD) and you launch any of the Office 365 applications, the default Ivanti Neurons for MDM Enrollment page displays a message.
If the enrolled Android device is out of compliance and you access any of the Office 365 applications, the default Ivanti Neurons for MDM Remediation page displays a message.

Bulk action supported in Configurations: Ivanti Neurons for MDM offers the following bulk action for Configurations:
- Push - You can select multiple configurations from the Configurations page and push them to multiple devices at once.
- Delete - You can select and delete multiple configurations at once.
  The configurations that are disabled can be deleted. However, configurations cannot be deleted if any of the following conditions exist:
  - The configuration is required for proper system function.
  - Deletion of the configuration retires devices.
  - The configuration is used in other configurations.
  - The configuration is linked to a Sentry profile.
  - The configuration is used in the application configuration.
  For more information, see Working with Configurations.
Support for branded and core migrated clients: The native app catalog is an alternative to the A@W webclip. The native app catalog feature makes it possible for end users to see the app catalog information inside the Go client iOS app. Customers using the following clients can use Apps@Work Webclip:
- Migrated (branded)
- AtWork
  For more information, see Apps@Work (iOS, Android, Windows, and macOS) and iOS Apps@Work AppStore Features.

Restrictions on admin user roles and permissions visibility: The Spaces selected for Devices, Device Groups, Apps, App Inventory, Content, Configurations, Policies, and Certificate Management modules is visible to the user only if the user has the required permissions. For more information, see Managing Spaces.
Self-Service Portal UI changes: The font type of the Self-Service Portal is updated from Helvetica Neue to Inter.
Rename iOS SCEP to Apple SCEP: The iOS SCEP has been renamed to Apple SCEP because it is supported for macOS as well. For more information, see Identity Certificate.
Export Custom Attributes from Device page: The Custom Device Attributes with their values can be exported to .CSV format from the Device Details page. For more information, see Assigning Custom Attributes to Devices.
Export Custom Attributes from Users page: The Custom Device Attributes with their values can be exported to .CSV format from the Users page. For more information, see Exporting Users.
Optimized Export to CSV for App Inventory: The App inventory export is now asynchronous, allowing use of the user interface during the export. The App Inventory details can be exported using the Export to CSV option from the Devices page. After download is complete, the user will be prompted with an option to either Download or Delete the report. For more information, see Exporting an App Inventory.

Android features

Android Enterprise Managed Google Accounts binding: Users must bind the Ivanti Neurons for MDM with a Managed Google Enterprise account using the recommended client id. For more information, see Admin - Android Enterprise.
File Transfer Configuration: A new configuration File Transfer is available on the App Catalog for Android devices. This configuration can be used to transfer files to the device and these files can be shared from MobileIron Go to other apps on the same device. For more information, see Android File Transfer Configuration.
Improved app feedback mechanism: The app feedback report on Device details and App details page provides detailed information and provides placement of reported settings (in the Managed app config of the app) based on the feedback received from apps. For more information, see Synchronizing and fetching app feedback.
Support for 5G network slicing on Android devices: On Android 12 devices with a Work Profile on Company Owned node, the admin has an option to provide 5G network slicing. For more information, see Lockdown and Kiosk: Android Enterprise.

iOS, macOS, and tvOS features

Associated Domains configuration for macOS is added: The Associated Domains configuration is a dictionary that maps apps to their associated domains. Associated domains can be used with features such as Extensible AppSSO, universal links, and Password AutoFill. For more information, see Configuration Types .
Update OS Version device action allows administrators to update iOS devices to a specific OS version: The Device > Actions menu option-Schedule iOS Update is now renamed to Update OS Version for Supervised iOS devices. The system lets you update to any applicable specific OS version. For more information, see Schedule iOS Update.
Support for software update for non-Dep supervised macOS devices: Ivanti Neurons for MDM now supports software update for non-Dep supervised macOS devices that are registered through iReg or Client. For more information, see Software Updates.
Support for $userRealm custom attribute: A new custom attribute $userRealm is now added to the Ivanti Neurons for MDM administrative portal. This attribute supports AAD users. Custom attribute support is enabled for the Kerberos realm name in all SSO configurations. The Kerberos principal name field is renamed as User name in all the SSO related configuration fields. For more information, see Single Sign-On Configuration.
Audit Trail logs application icon change activity: Audit trail now saves logs of application icon change for iOS and macOS devices. After an application icon is changed, you can track the following details:
- Activity: Upload Icon
- Status
- Performed By
- Performed At
- Performed On
- Details
- Before and After icon images
For more information, see Working with Widgets.
Updated macOS Restrictions Configuration: The following restrictions are added to the macOS Restrictions Configuration:

Enforced Fingerprint Timeout: You can specify the duration of Forced Fingerprint time-out for supervised registered macOS devices from the macOS Restrictions Configuration page. After the time-out duration is completed, the user is prompted to log in using the device password. The default Touch ID Timeout duration is 48 hours. The device provides you with the option to login using the Touch ID or the password.
allowCloudPrivateRelay: If you set the Private Relay ON in a macOS device, the network traffic is encrypted so that the internet activity is private and secure. This restriction requires a supervised device.

For more information, see macOS Restrictions.

Updated iOS Restrictions Configuration: The following restrictions are added in the macOS Restrictions Configuration:
- Force authentication before autofill: The device owner must authenticate before passwords or credit card information can be auto-filled in the Safari browser and in applications. Only supported for devices that have Touch ID or Face ID enabled. This restriction requires a supervised device.

For more information, see iOS Restrictions.

Windows features

Windows Device Management for Autopilot feature: Windows Autopilot feature must be configured from the Windows Device Management section instead of the AAD User Source section. For more information, see Configuring Windows Autopilot Profiles.
Bridge Last Check-in details: The Bridge Last Check-in details can now be viewed on the Device details page. For more information, see Bridge.
Ivanti Neurons Agent app availability on App Catalog: The Ivanti Neurons Agent app is available on the App Catalog now. The admin can add and deploy the Neurons Agent app as an in-house app through Ivanti Neurons for MDM on Windows devices.

Ivanti Neurons for MDM 83.2 - New features summary

General features and enhancements

The following UI enhancements are made in Ivanti Neurons for MDM release 83:

Font: The font type in the Ivanti Neurons for MDM 83 administrative portal is changed from Helvetica Neue to Inter.
Buttons: The look and feel of all the buttons in Ivanti Neurons for MDM have been updated.
License information: Starting from Ivanti Neurons for MDM release 83, the account details section in Ivanti Neurons for MDM displays the license details as follows:
Subscription type Billing type Device license count
Recurring MRC x Devices/ User license used
Term non-MRC x of y Devices/ User license used
Duplicate display of count in the Configurations page: The count in the Install, Pending, Available, Error columns, and the number of apps in the Dashboard > Apps page display duplicates for the first 15 days after Ivanti Neurons for MDM is upgraded to 83. The count shows consistent values after 15 days of the upgrade.
Quick search field in the Windows 10 Update Management page: The Admin > Windows 10 Update Management page now contains a quick search for the Knowledge base ID field. For more information, see Windows 10 Update Management
The Go button is now removed

Inactivity timeout limit: You can configure the Inactivity Timeout range of the Ivanti Neurons for MDM administrative portal up to 60 minutes. For more information, see User Settings.
Support for PIN authentication and bypass identity provider: During device registration, the administrator can bypass the identity provider option and provide the user with the option to authenticate using a PIN instead of authentication using the identity provider page. For more information, see User Settings.
Password field introduced in iOS MDM Configuration page to enable profile deletion: A new password field is added in the iOS MDM Configuration page and the password can be used to delete a profile from the device. If you set a password in the Ivanti Neurons for MDM administrative console and if a user tries to delete the user profile from the device, the user receives a prompt to enter the password required to delete the profile. For more information see Configuring an iOS MDM Profile.
Session timeout redirects to identity provider login screen: When the session times out in Ivanti Neurons for MDM, users are redirected to the identity provider login screen.
Note: Ensure that the Disable Force Authentication check box is cleared in Okta.
Notification page displays status of application upload: Starting from Ivanti Neurons for MDM release 83, when you add the following types of applications in App Catalog, a notification is generated in the Dashboard > Notification page. The notification also contains a link that redirects you to the application in the App Catalog.
- public application
- in-house application
- new version of an in-house application
Azure AD User Provisioning: Starting from Ivanti Neurons for MDM release 83, Azure Active Directory (AAD) User Provisioning replaces AAD User Source. Azure Active Directory User Provisioning uses the SCIM protocol to synchronize Azure Active Directory with Ivanti Neurons for MDM and allows for partial user and group sync. For more information, see Azure Active Directory User Provisioning.

Subscription type	Billing type	Device license count
Recurring	MRC	x Devices/ User license used
Term	non-MRC	x of y Devices/ User license used

Feature disabled June 16, 2022: Ivanti is investigating an issue with this feature and has disabled it. Ivanti will share a link to a related Knowledge Base (KB) article shortly to the Ivanti Community portal.

Quick search field is added to Classes and Individuals tabs in Apple School Manager: The quick search field lets you search for the details related to Classes or Individuals.

Use the quick search to search the following from the Classes tab:

Class ID
Course Name
Instructor
Location
Room

Use the quick search to search for the following from the Individuals tab:
- Person ID
- First Name
- Last Name
- Apple ID

For more information, see School Manager.

Application dependencies are now available for iOS and Android applications: Administrators can now configure prerequisite applications for iOS and Android applications.
For more information, see Deploying app dependencies.

Android features

Device Name Settings on Android devices: When the admin generates the Device Details report, the actual device name is shown rather than the device model or manufacturer's name. In case the user changes the device name, the new name will be shown the next time the report is generated. For more information, see Device Name Settings.
Allow USB for Charging Only option: Company-Owned Android devices have a new option Enable USB for charging only that allows the USB port for charging only. This option is available in Work Managed Device (DO) and Managed Device with Work Profile on Company Owned Device (EPO) modes. For more information, see Lockdown and Kiosk: Android Enterprise.
Support for 5G network slicing on Android devices: On Android 12 devices with a work profile, the admin has an option to provide 5G network slicing. For more information, see Lockdown and Kiosk: Android Enterprise.
Support to clone App Configuration Settings on Android devices: The admin can clone the App Configuration Settings so that the same settings can be applied on different Android devices. For more information, see App Configuration.

iOS, macOS, and tvOS features

Auto-register Go device users using QR code or link: As a convenience, instead of iOS device users manually entering registration credentials, you can set up an infrastructure to use a QR Code to automatically enter the registration credentials for the device user. You can now register your iOS devices by scanning the QR code from the Go 83 client application onwards. Users can generate the QR code from the end user portal. This capability is supported for iOS 14 and higher versions. For more information, see Device Registration (iOS, macOS, and Android).
Apps@Work available from Go for iOS: Starting from Ivanti Neurons for MDM release 83, you can transition to Apps@Work native experience from Go application. The Apps@work native appstore is deployed automatically with the Go app client. For newly created tenants no action is required from the administrator. The Apps@work tab is displayed on the Go app client task bar and end users can view and install their company approved apps from Apps@Work. For newly created tenants the administrator can distribute the Apps@work Webclip configuration to iOS and macOS devices. For more information, see Apps@Work (iOS, Android, Windows, and macOS).
Configure the Setup Assistant for iOS and macOS: The Configuration Setup Assistant lets you select the setup screens that you want to skip during device setup. For more information, see Configuring the Setup Assistant.

Windows features

Provisioning Package Enrollment with PIN for devices managed by Ivanti Endpoint Manager and Microsoft Configuration Manager: The admin can enroll the devices managed by SCCM and Ivanti Endpoint Manager in the Ivanti Neurons for MDM. This feature bypasses the manual enrollment for the devices by the end users. The admin can use this enrollment system to manage their enterprise devices in the Ivanti Neurons for MDM. For more information, see Provisioning Package Enrollment with PIN.
Audit Trails on Autopilot Profiles: The Audit Trails option is now available for the Windows devices enrolled in the Autopilot mode. For more information, see Audit Trails on Windows Autopilot Profiles.
Recover Service Failure using the new version of Bridge 2.1.14: The new version of Bridge 2.1.14 gets imported into the App Catalog for all the users. This new version includes a support for the Bridge Service Failure Recovery option as well. In some rare cases, the Bridge Service may fail without any known reason. Support for this service is available in Bridge 2.1.14 and later versions. For more information, see Bridge.

Ivanti Neurons for MDM 82.1 - New features summary

General features and enhancements

Display error count in the Configurations page: The Configurations page now has the option to display the Error column to indicate the number of configurations that are in error state on the devices. Also, a description of the metric is provided for each column when you mouse over the icon adjacent to the column name.
Ivanti Neurons for MDM SAML session timeout duration to honor IdP default timeout: The identity provider (IdP) now successfully authenticates users during a valid IdP session, even if the Ivanti Neurons for MDM session has timed out.
Application dependencies listed in Audit Trail for macOS applications: The Audit Trail page now displays the supported prerequisite applications in specific fields as follows:
- appVersionId
- name
- platformAppId
The prerequisite applications that are auto-delegated or undelegated containing the following fields are displayed:
- dmPartitionDistributionType
- dmPartitionDistributionReason

For more information, see Deploying app dependencies.

Unique details to help differentiate between duplicate LDAP and AAD user groups: GUID, DN, and source details are displayed under duplicate LDAP and AAD user groups to help the administrator differentiate between the groups during distributions. This is implemented in the following pages and is visible when duplicate groups are present:
- User > User Settings > Device Registration Setting (+ Add setting for specific user groups) > enter a user group name
- User > User Settings > User Invite Reminder Setting (+ Add setting for specific user groups) > enter a user group name and Frequency
- Apps > App Catalog > App Details > Distribution > Edit > User Groups
- Configurations > +Add > Privacy > enter a user name > click: Next > Custom > User Groups
- Apps > App Catalog > App Details > App Configurations > + > Custom > User Groups
- Content > Hosted Content > Add > Distribution step
Display status message of Install/Update requests: Sending install or update commands for VPP applications are supported. Also, the following updated status messages are displayed when you send install or update commands from the Ivanti Neurons for MDM administrative portal:
- Failure:
- Success:
Bulk action supported in Configurations: Ivanti Neurons for MDM offers the following bulk action for Configurations:
- Delete - You can select and delete multiple configurations at once.
  The configurations that are disabled can be deleted. However, configurations cannot be deleted if any of the following conditions exist:
  - The configuration is required for proper system function.
  - Deletion of the configuration retires devices.
  - The configuration is used in other configurations.
  - The configuration is linked to a Sentry profile.
  - The configuration is used in the application configuration.
  For more information, see Working with Configurations.
App dashboard shows app count on devices that are checked-in the last 15 days: In Ivanti Neurons for MDM, app dashboard now shows app count on devices that are checked-in the last 15 days. Previously, this was set to 24 hours. For more information, see App Insights.

Android features

Support for new scope delegation using EMM API: The admin can assign some Delegated Permissions using EMM API. For more information, see App Catalog.
Support for new scope delegation using AMAPI: The admin can assign some Delegated Permissions using AMAPI. For more information, see Android Management API.
Support to configure high-priority app updates on AMAPI devices: The admin can configure high-priority app updates on AMAPI-enrolled devices in the COSU or other future modes. For more information, see App Configuration.
Recommendation to use a 6-10 digit PIN to exit the Kiosk Mode from the device: Admins are recommended to use a 6-10 digit PIN to exit the Kiosk Mode from the device. This PIN is applied to all the devices in Kiosk Mode. For more information, see Lockdown and Kiosk: Android Enterprise.
Support for new scope delegation using EMM and AMAPI - User Interface updates: New options, Manage Network Log Collection and Manage Certificate Selection added to the Delegated Permissions section. The admin can apply these options on some apps to receive network logs and select certificates.
Passcode and Lock Screen Configuration settings: For devices on Android v12.0+, the admin can set Passcode complexity to None, Low, Medium, or High. On Android v12.0+ devices using Work Profile and Work Profile on Company-Owned modes, the Passcode complexity is supported, and Passcode Quality is deprecated for Device Passcodes. The existing Passcode Quality configuration will be automatically converted to Passcode complexity for Device Passcode. For more information, see Advanced Android Passcode and Lock Screen.
Support to share recently logged-in usernames for Android Shared Kiosk devices: The last seven user names remain available with the Go client when a user logs in and logs out from Android Shared Kiosk devices. For more information, see Setting Up Kiosk Mode for Android and Lockdown & Kiosk: Android Enterprise.
IDP Authentication for the Android Shared Kiosk devices: The IDP or passive authentication is supported in Android Shared Kiosk devices now. For more information, see Setting Up Kiosk Mode for Android.
Added support for permitted inputs in the EPO mode: The Restrict Input Methods option is supported only on Android 10 and 12+ devices, not on Android 11 devices. For more information, see Lockdown and Kiosk: Android Enterprise.

iOS, macOS, and tvOS features

Support for detection script added to determine installed or uninstalled status of MIP apps: In macOS, Ivanti Neurons for MDM can now detect the installation or un-installation status of an application with the help of detection script. For more information, see App Catalog.
macOS devices running on M1 chip support iOS or iPadOS apps: M1 chipset MacBooks by Apple now supports iPhone and iPad VPP apps. For more information, see Viewing App Details and Distribution Filters.
FileVault Options configuration added: In macOS, FileVault Options configurations allow the administrator to enable or disable FileVault. For more information, see FileVault Options Configuration.
Support App Dependencies for iOS on Ivanti Neurons for MDM: This feature covers the following:
- The administrator can set dependent applications that are required to be installed before an app can be installed on a device.
- Main applications should be in-house app and prerequisite apps can be in-house, public or VPP apps.
- Distribution: Prerequisite applications do not need to be distributed. The applications are downloaded directly once the main app is triggered for installation. • Delegation: Prerequisite applications are auto delegated if the main app is delegated.
- Deletion: Prerequisite applications cannot be deleted from App Catalog until the prerequisite relationship is removed.
- App versions: Multiple versions of an application can have different prerequisite apps.
- Audit Trails: Addition, removal, and auto-delegation / un-delegation of prerequisite applications will be logged.
  For more information, see Viewing App Details.
App Control configuration extended to tvOS devices: In tvOS 11+ devices, the App Control configuration now supports the following app control restrictions:
- blockedAppBundleIDs
- allowListedAppBundleID
For more information, see App Control Configuration: Control Which Apps Are Installed Per Device.
User Account Driven Enrollment: In iOS 15+ devices, a new device enrollment method is introduced. An end-user registered on Ivanti Neurons for MDM can enroll a device by signing in with a Managed Apple ID. For more information, see Account driven User Enrollment.
New restrictions added: In iOS 15+, the following restriction is added:
- allowCloudPrivateRelay
For more information, see iOS Restrictions.
Enhancements in Single Sign-On configuration: The extensible single sign-on Kerberos account settings in the Single Sign-On configuration have the following enhancements in macOS 10.15+:
- preferredKDCs
- KerberosAppsInBundleIdACL
For more information, see Single Sign-On Configuration.

Windows features

Provisioning Package Enrollment with PIN: Ivanti Neurons for MDM now allows the administrators to enroll Windows desktop devices managed by SCCM. This feature bypasses the manual enrollment of the devices by the end-users. This enrollment system can be used by the administrators who manages their enterprise user devices with LDAP users and wants to migrate seamlessly to Ivanti Neurons for MDM from SCCM. The admins can generate enrollment PINs for the end-user profiles imported from the LDAP and bundle the PINs within a and further use the package for enrollment on Ivanti Neurons for MDM. For more information, see Provisioning Package Enrollment with PIN.
Users can edit and delete Autopilot devices: Users have the option to edit and delete the Autopilot devices from the Ivanti Neurons for MDM administrative portal. For more information, see Configuring Windows Autopilot Profiles
Microsoft Edge configuration support: Ivanti Neurons for MDM now supports Microsoft Edge configuration in the Browser settings configuration for Windows. Microsoft Edge browser will eventually replace Microsoft Internet Explorer in Windows 11. For more information, see Browser Settings.

Ivanti Neurons for MDM 81 - New features summary

General features and enhancements

Create on-premise certificate authority: Ivanti Neurons for MDM supports the creation of an on-premise non-SCEP certificate authority.

Ensure that the connector is registered to the tenant.

For more information see Certificate configuration.
T3 instance support: The Ivanti Neurons for MDM Connector 81 now supports T3 EC2 instances.
Delegation is enabled for dynamically generated identity certificate configurations distributed to All Devices and Custom distribution options: Global administrators can delegate space administrators to edit the Dynamically Generated Identity Certificate for All Devices and for the Custom distribution option. For more information, see Working with Configurations and Identity Certificate.

The distribution changes are applicable only to the specific space. All other spaces continue to inherit the default space distribution settings.
Duplicate user group names available under the rule builder: The Ivanti Neurons for MDM Administrator portal now displays the number of duplicate user groups and the corresponding number of GUIDs to identify duplicate groups, when the User Group Name attribute is selected in the rule builder. Also, a table under this rule displays the list of the duplicate user groups and their details such as User Group Name, GUID, Source, and distinguished name (DN). This is implemented in the following rule builders:
- Users > User Groups > +Add
- Users > Advanced Search
- Devices > Device Groups > Add
- Devices > Advanced Search
- Admin > Spaces > Add
- Policies > Custom Policy > Add
Filter device groups by IP address: You can now create device groups by their IP addresses. IP address is now listed as one of the filters in Device Groups. The field also indicates if the specified IP address is invalid. For more information, see Device Groups.
Schedule Mobile Iron Packager (MIP) for macOS application updates: Ivanti Neurons for MDM supports scheduled updates of .MIP files. The administrator can schedule application updates based on the server time zone. By default the scheduling of applications is disabled. The application upgrades only when the device checks in within the scheduled time. For more information, see Working with Configurations.
Bulk export action supported in Configurations: Ivanti Neurons for MDM offers the bulk export action for Configurations. In previous releases, you could export all configurations or just one configuration at once. Now, you can select and export specific configurations. For more information, see Working with Configurations.
Redirect users to the Go page from the Enrollment and the Remediation pages:
- If an iOS device is not enrolled in Azure Active Directory (AAD) and you launch any of the Office 365 applications, the default Ivanti Neurons for MDM Enrollment page displays the Install MobileIron Go button that directs you to the Go app store page.
- If the enrolled device is out of compliance and you access any of the Office 365 applications, the default Ivanti Neurons for MDM Remediation page displays the Open MobileIron Go button which launches the Go application.
Quick search from the Roles Management page: The Roles Management page now lets you perform a quick search. You can search for partial words, multiple words, special characters, perform a role-specific search, and search for custom roles.

The quick search function is only applicable to the items that are listed in the Name and Description columns.

Android features

Support for Wi-Fi configuration: The Wi-Fi configuration is supported for Android Enterprise Dedicated COSU (single app) mode. For more information, see Wi-Fi Configuration.
Wi-Fi configuration - user interface updates: New icons are added to indicate the support level for different EAP types and other features during Wi-Fi configuration.
Granularity for Android devices with Lock Task Mode (LTM): When the LTM option is selected, the Settings option will be enabled for Kiosk settings as well as other apps in Kiosk mode. For more information, see Lockdown and Kiosk: Android Enterprise.
Support for Passcode complexity on Android 12+ devices: For Device Passcode on Android 12+ devices, the Passcode complexity has higher priority than the Passcode Quality. When the Passcode complexity option is set, the Passcode Quality setting will not be considered. The admin can set Passcode complexity to None, Low, Medium, or High. On Android 12.0+ devices using Work Profile and Work Profile on Company-Owned modes, the Passcode complexity is supported and Password Quality is deprecated for Device Passcodes. The existing Passcode Quality configuration will be automatically converted to Passcode complexity for Device Passcode. For more information, see Advanced Android Passcode and Lock Screen.
Unique enrollment-specific ID support in Android 12+ devices: Supports a unique ID guaranteed to be the same value for the same device, enrolled into the same organization by the same managing app. It remains stable across factory resets or new profile installations. This is available for new installs and post-upgrade to Android 12. Supported modes are Work Profile, Work Profile on Company Owned Device, and Work Managed Device. This new field is also available for viewing in the device details page.

iOS, macOS, and tvOS features

Enable or disable the display of personal recovery key in macOS: Ivanti Neurons for MDM now allows the administrators to enable or disable the display of the personal recovery key after FileVault 2 is enabled. For more information, see FileVault 2.
User list enhancement in Shared iPad: The Users tab in the Devices page is now enhanced and shows the managed apple id as a hyperlink, clicking which redirects to user account details page in Shared iPad. For more information, see Displaying detailed device information in Getting started with Devices.
User list with last check-in time available in Ivanti Neurons for MDM user interface: For mac and shared iPad devices, Ivanti Neurons for MDM now lists all user information and their last check-in time in the Admin tab of Ivanti Neurons for MDM user interface. In Shared iPad, when ListUsers command is enabled, all managed user ids along with their check-in time are displayed. In macOS devices, when ListUsers command is enabled, all local users on the device are listed and only the last check-in details of the user who registered the device is listed. For more information, see Shared iPad for business (iPad devices) and Admin > Apple > Device Enrollment (macOS devices).
New skip key added in Device Enrollment Profile: New skip key SkipUnlockWithWatch added to Ivanti Neurons for MDM Device Enrollment Profile for macOS 12. Administrators can now enable skip to unlock with watch. For more information, see Admin > Apple > Device Enrollment.
Removable system extension added to macOS: In macOS 12 , Removable system extension configuration is added to allow applications to deactivate their system extensions without administrator approval. This configuration is useful during un-installations of apps and mainly used in deployments where the mac has no admin user. For more information, see macOS System Extension configuration.
Per-App VPN added to configurations: In iOS 14+, administrators can add a Per-App VPN configuration for network communication within the following configurations:
- Google Account configuration
- Exchange configuration
- LDAP configuration
For more information, see Google Configuration, Exchange Configuration and LDAP Configuration.
Prioritization of MIP apps installation during user onboarding: Ivanti Neurons for MDM administrators now have the option to set the priority of installation of MIP apps during user onboarding in mac devices. Applications that are only set to priority “High“ are installed during user onboarding. Administrators can set the priority of the application as one of the following within app configuration view:
- High
- Medium
- Low
For more information, see Adding an app from a public store and Adding an in-house app in App Catalog.
Managed App support for User Enrolled devices: In macOS 12, Managed App support is added to user enrolled devices. Administrator can select the "Install as Managed" option in the app configuration to install the app as a managed app. For more information, see App Configuration.
Update the OS to a specific version for macOS: Ivanti Neurons for MDM now allows the administrators to add a specific version of macOS for updating the devices enrolled on Ivanti Neurons for MDM. For more information, see Software Updates.
Select Install Action type for to macOS and iOS: Support to select an action for pending installation is also extended to iOS and tvOS. Administrators now have the option to select one of the actions for the pending iOS or tvOS installation as below:
- Default
- Download Only
- Install ASAP
The administrators also have the option to select one of the actions for the pending macOS installation as below:
- Default
- Notify Only
- Install Later
- Install Force Start
- Download Only
- Install ASAP
For more information, see Software Updates.
Device lock command support extended to mac devices running on Apple silicon: On Apple M1 chipset devices running on macOS 11.5+, Administrators can now set a six-digit pin to unlock the device. Once the pin is entered, users can login to the device.
Lock screen message field and Phone number field added to macOS device lock option: Ivanti Neurons for MDM now has the optional lock screen message field and phone number field added to macOS 11.5+ device lock menu on the device details page. For more information, see Locking a Device.
Set recovery lock to enter macOS recovery: Ivanti Neurons for MDM now allows administrators to set the recovery lock to enter recovery mode on macOS devices running on Apple silicon. The status of the recovery lock of a device is visible from Devices > Overview > Recovery Lock. This information is also visible from Device Groups tab and Advance Search field under Devices tab. For more information, see Displaying detailed device information in Getting started with Devices, Adding a device group in Device Groups and Setting or changing recovery lock.
Hungarian and Swedish language support for registration and privacy page: The registration and privacy page of iReg registration now supports Hungarian and Swedish language.
Remote restart and shutdown feature now extended to macOS: Ivanti Neurons for MDM now supports remote restart and shutdown for macOS 10.13+ devices. For more information, see Restarting or shutting down devices.
Software update recommendation cadence configuration added to iOS: In iOS or ipadOS 14.5+, software update recommendation cadence configuration gives administrators an option to allow users to view and update the devices to the highest-numbered (most recent) release or lower-numbered (oldest) release. For example, administrators now have the option to update the device to the next major release of iOS 15 or update the newer minor release of iOS 14.8.x. For more information, see Software update recommendation cadence configuration.

Windows features

Create Autopilot Profiles: Administrators can create Autopilot Profiles on Windows devices. To manage the Windows Autopilot Profiles, the User Source must be configured in the AAD. For more information, see Configuring Windows Autopilot Profiles.
Enroll Autopilot Profiles in Self-Deploying mode: The Autopilot Profiles can now be enrolled under the following modes:
- Self-Deploying mode.
- User-Driven (Pre-provisioning mode)
Automatically push specific configurations to devices during enrollment: When a device is enrolled into the Ivanti Neurons for MDM administrator portal, the following configurations are pushed automatically before the user logs in to the device:
- Identity Certificate
- Wi-Fi
- Windows Hello For Business
- Windows Restrictions

The rest of the configurations are in Pending state and are pushed after the user logs in to the device using an email address.

Device enrollment for HoloLens 2 devices in Autopilot mode: In some rare cases, HoloLens 2 device with Autopilot Self-deploying enrollment mode gets stuck on the Setting up your device for work screen. The user must power off and on the device to continue with the enrollment process. For more information, see Configuring Windows Autopilot Profiles.
TenantLockdown CSP for Windows devices: The Windows devices enrolled using Autopilot can be locked to tenants using the TenantLockdown CSP feature. This is useful when the devices are stolen or lost. For more information, see TenantLockdown CSP.
Configuration of the Teams Chat icon on the taskbar: For Windows 11 Enterprise edition, you can control the behavior of the Teams chat icon on the taskbar. See Windows Restrictions for complete information.
Include Trusted Platform Module (TPM) version and memory information in reports: Administrators can create reports that include TPM version and memory information for devices. See Using Scheduled Reports and Using Custom Reports.

Ivanti Neurons for MDM 80.2 - New features summary

General features and enhancements

Downloading device reports:Administrators can download device reports using the Export to CSV option. After the report is ready, the Ivanti Neurons for MDM prompts to download or delete the report, and sends an email with the download link. When a report download is in progress from the Ivanti Neurons for MDM administrator portal in one browser window, you have the ability to download reports from another browser window.
Schedule or force check-in devices: Devices can check-in to the Ivanti Neurons for MDM portal according to the schedule, or the administrator can check it in using the Force check-in Device Action option from the Actions menu drop-down list. The Audit Trails page audits and lists the device check-in status as follows:
If a device checks-in as per schedule the following audit status appears:
- Check-in Device Action Performed
If the administrator uses the Force Check-in option, the following audit statuses appear:
- Force Check-in Device Action Performed
- Check-in Device Action Performed
If the Device Check-in Trails option is turned ON, the Audit Trails page audits device check-in and displays the list of all the actions that were performed on the devices. However, if the Device Check-in Trails option is turned OFF and the administrator performs a force check-in of a device, then the Audit Trails page displays just the Force Check-in Device Action Performed status.
For more information, see Working with Widgets and User Roles.
Change of color in the left navigation panel of the Ivanti Neurons for MDM admin portal: The left navigation panel color of the Ivanti Neurons for MDM administrator portal is now white from blue. Ivanti Neurons for MDM no longer offers the ability, formerly available with the now removed New Look radio button, to switch from the newer left navigation to the older horizontal navigation that appeared as tabs across the top of the Ivanti Neurons for MDM window.
Tooltip to view complete row item in the Audit Trail page: If a row item extends beyond the default column width and is hidden due to the column border, an ellipsis appears, and when you mouse-over on the ellipsis, the complete row item appears as a tooltip. For more information, see Working with Widgets.
Audit Trails are enabled by default: Audit Trails is enabled by default for all tenants. The tenant can opt-in or out of Device Check-in Audit Trails. For the tenants that were enabled with Audit Trails prior to this release, the check-in events stay enabled. For all other tenants' devices, the check-in trails are disabled. Audit Trails helps you to track configuration changes, provides a security record, documentation, and serves as chronological evidence of events in the Ivanti Neurons for MDM administrator portal. Also, Audit Trail provides the mechanism to troubleshoot issues when customer support is engaged. For more information, see Working with Widgets.
Schedule in-house application updates: Ivanti Neurons for MDM automatically updates in-house applications when a device checks in. Administrators can now schedule in-house application updates based on the server time zone. The application updates only when the device checks in within the scheduled time. By default, the scheduling of application updates is disabled.
This configuration is applicable only for updates and not a new installation. You can use the Send install/update command to override the auto-update schedule for iOS applications. The configuration is applicable only for the following application types:
- iOS in-house applications.
- Android in-house applications that are only in DO mode.
- macOS applications that are only of .pkg format.
- Windows applications.

For more information, see Working with Configurations.

User Group Distinguished Name: The User Group Distinguished Name (DN) attribute is added to the rule builder drop-down list to help identify duplicate user groups when the User Group Name attribute is used in the rule builder. The DN attribute can be displayed in the User Group list view. However, by default, the DN column is not visible. You must select the DN option from the Actions drop-down list. The User Group DN attribute supports all standard operators. User Group DN is applicable for the groups that are sourced from LDAP.

The User Group DN attribute is added to following rule builders drop-down lists:
- Users > User Groups > Add
- Users > Advanced Search
- Devices > Device Groups > Add
- Devices > Advanced Search
- Admin > Spaces > Add
- Policies > Custom Policy > Add
For more information, see User Groups.
Number of in-house application versions limit set to 100: The number of in-house application versions is limited to 100. If that number is exceeded, Ivanti Neurons for MDM system purges the oldest versions of the application. The status of the application upload and purge is listed and is visible from the Audit Trails page. For more information, see App Catalog.
Application distribution is allowed to a maximum of 100 entities: You can deploy an application to a maximum of 100 entities at once. The limit is applicable to the following entities:
- Application configuration-selection of Users, User Groups, Devices, Device Groups for send app install command.
- Configurations
- Policies
For more information, see the following topics:
Azure Intune Device user UPN attribute is available: The Azure Intune Device user UPN attribute is listed in the Device Details page.
- Perform a clean uninstall of Mobile@Work for macOS: If you have enabled the option Remove apps on un-enrollment(Applicable to managed apps only) during installation of Mobile@Work for macOS and if you initiate the device to be retired from the Ivanti Neurons for MDM administrator portal, then Ivanti Neurons for MDM deletes the Mobile@Work for macOS application and the uninstall script from the device, but does not prevent processes and scripts from running in the back end. To prevent processes and scripts from running in the back end, ensure that during device registration of new users or retirement of existing users, you deselect the Remove apps on un-enrollment(Applicable to managed apps only) option from the Ivanti Neurons for MDM administrator portal. This ensures that the uninstall script runs and deletes the associated processes and scripts from the back end. For more information, see Mobile@Work for macOS
Permission text updated with categories: The Roles Management page now includes the category with the permissions. For more information, see Roles Management.
Migrated Android Enterprise devices can switch to Ivanti Neurons for MDM-managed Google Play Store layout: The Google Play Store layout for Android Enterprise devices has a home page for migrated devices which is managed from Core and has a quick link to Ivanti Neurons for MDM that displays all the applications that are managed from Ivanti Neurons for MDM. Starting from Ivanti Neurons for MDM release 80, when you migrate Android Enterprise devices from Core to Ivanti Neurons for MDM, only the applications that are common between Core and Ivanti Neurons for MDM App Catalog are listed in the work profile Google Play Store of the device. You can click on the Ivanti Neurons for MDM button to view all the applications that are available in Ivanti Neurons for MDM App Catalog. For more information, see App Catalog.
Connector pop-up message: If an administrator logs in to an Ivanti Neurons for MDM environment with a Connector version less than 74, Ivanti Neurons for MDM displays a pop-up message advising to upgrade the Connector to version 74.

Android features

Redesigned Email+ tiles in App Catalog: The Email+ (Android Enterprise) tile is more consistent with other tiles.
Auto-launch on install option: The Auto-launch on install option is now available for Public, Private, and In-house apps in the Managed Play App Configuration section. For more information, see Managed Configurations for Android.

iOS, macOS, and tvOS features

macOS System Extension configuration: macOS System Extension configuration allows system extension such as Driver Extension, Network Extension and Endpoint Security Extension to be installed without kernel-level access. For more information, see macOS System Extension configuration.
User Onboarding Branding for macOS: Administrators can now set custom icon, brand name text, and text color for the user on-boarding screen. For more information, see Admin > Branding > User Onboarding Branding.
AirPlay Configuration for macOS: AirPlay configuration is now supported on macOS 10.10+ devices to display media on another Apple device using AirPlay. Airplay Configuration allows to set the list of Airplay destinations available to a device and set password to connect to the destination devices. For more information see AirPlay Configuration.
Per-App VPN added to configurations: In iOS 14+, administrators can add a Per-App VPN configuration for network communication within the following configurations:
- CalDAV configuration
- CardDAV configuration
For more information, see CalDAV Configuration and CardDAV Configuration.

Windows features

Support for Windows 11: Devices upgraded to Windows 11 report OS version as Windows 11. As per Microsoft design, Edition and Platform, OS Platform and OS Edition, report as Windows 10.

Mobile Threat Defense features

Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.

Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.