New features summary
These are cumulative release notes. If a release does not appear in this section, then there were no associated new features and enhancements.
General features and enhancements
-
Compliance Policy Email alerts: When creating a Custom Policy, you can set the Compliance Policy Email alerts to be received by the administrators only. For more information, see Custom Policy.
-
Audit Trails for Contents: Starting with R125, an Audit Trail entry is created when a Content item or Category is created/edited/deleted.
-
Slow Rollout of Configurations: Administrators can now set the configurations to be rolled out in stages and in a controlled manner. Currently, this option is supported only for VPN and Wi-Fi configurations. For more information, see App Configuration.
-
Defer App Updates: Added support for deferring app updates by a specified number of days, allowing administrators to delay the automatic installation of new app versions. This option is available for iOS public and vpp apps only. Deferral days should be set lesser than the general app update frequency to ensure timely updates. For more information, see Working with Configurations.
-
Standalone (Local) CA expiry notifications : Administrators can now view the certificate authority expiry notification if the certificate expiry date is less than 30 days. For more information, see Certificate Management.
-
Improved Rule Criteria: Advanced Search and Distribution Filters now support the Automated Device Enrollment Enabled attribute, allowing administrators to create rules for automated device provisioning and enrollment during setup.
-
Apple Network Security stricter requirements: The requirement for Ivanti Neurons for MDM to support TLS 1.2 or later has been implemented and is fully compliant with the Apple network security standards.
Android features
-
Device Registration Settings failure messages : The device registration settings failure messages have been updated to provide more clarity about the failure reason. For example, the Minimum Security Patch failure message was appearing as "Unable to complete registration (device is blocked). Please contact your administrator." This message is now updated to appear as follows - "Unable to complete registration (The security patch is out of date). Please contact your administrator."
iOS, macOS, watchOS, visionOS, and tvOS features
-
Notification for DEP Server Sync Failures: Ivanti Neurons for MDM now notifies administrators when a DEP server sync fails. Previously, administrators had to check the Device Enrollment tab to identify sync issues. This notification improves visibility and helps administrators identify failed syncs more quickly. If you delete a DEP server, the system also deletes all notifications associated with that server. For more information, see Device Enrollment.
Windows features
-
Pre-install version detection for MSI deployments: The Check existing version on device checkbox adds a detection step before installing MSI-based in-house apps. This feature helps prevent unintended downgrades and unnecessary re-installs, especially for self-updating apps. For more information, see Managing Windows Applications.
-
Windows eSIM Configuration: The Device Details page now shows whether a newly registered device is eSIM capable or not. Administrators can even restrict making any changes to the existing eSIM profiles. For more information, see eSIM Configuration and Windows Restrictions Configuration.
-
Windows AI Configuration update: Microsoft has deprecated the TurnOffWindowsCoplilot policy option used by this configuration. For more information, see Windows AI Management Configuration.
Mobile Threat Defense features
Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.
Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.
General features and enhancements
-
App Locale display behavior: If an app reported by the device in a different locale is not available in the iTunes cache, it does not appear in the App Catalog for any tenant. In this case, the Installed Apps tab still shows the app using the locale reported by the device.
-
Escrow Cert support: Escrow Cert support is now available for DigiCertOne.
-
Last Check-in or Client Last Check-in Filtering enhancement: Enhanced the filtering capabilities for "Last Check-in" field. Administrators can now identify devices with no reported check-in (LASTCHECKIN HAS_NO_VALUE) using Last Check-in is blank filter. This allows efficient detection and removal of devices that have never checked in.
For more information, see Custom Policy. -
Granular Kiosk Mode Permissions: A new space-specific permission for "Enter/Exit Kiosk Mode" actions is introduced in custom role configurations, enabling administrators to grant access to these device commands without assigning broader device management privileges. Device action menus will display Enter Kiosk Mode and Exit Kiosk Mode options only to users with this permission in the relevant space.
For more information, see Roles Management. -
Dynamic Device Groups from Advanced Search Queries: Administrators can now create Dynamically Managed Device Groups by importing existing saved queries. A new Load from Advanced Search tab is available exclusively for the Dynamically Managed Device Groups of the "Create Device Group" interface, allowing administrators to directly load advanced search queries that were previously saved on the Devices page.
For more information, see Device Groups.
Android features
-
eSIM Configuration: eSIM Configuration is now supported on Work Profile, Work Managed Device, and Work Profile on Company Owned modes of Android 15 and later versions. For more information, see eSIM Configuration.
-
Support for EID: Request EID option is now available on Android 13+ devices. For more information, see eSIM Configuration.
-
Introduction of Support Tab configuration settings: You can now configure the Support Tab settings for Ivanti Go for Android directly from Ivanti Neurons for MDM. This enhancement centralizes management, allowing administrators to update support contact details and guidance without requiring changes on the device. This improvement helps users access accurate support information more quickly and reduces administrative effort. For more information, see Ivanti Go Client Settings.
-
Enhanced Support Tab option: Administrators can configure a secure support portal URL to redirect end users from the Ivanti Go app. This allows users to access the organization’s support system directly from the Support tab. For more information, see Ivanti Go Client Settings.
-
Support for Active SIM Service Subscription: For supported Android devices, Ivanti Neurons for MDM now displays SIM Service Subscription details for multiple active subscriptions, improving visibility and management of dual‑SIM and multi‑SIM devices. For more information, see Getting Started with Devices.
-
Support to clear App Cache: Ivanti Neurons for MDM now allows administrators to clear app cache on supported Android Enterprise devices using the Clear App Cache Request option. This helps in resolving app‑related issues without reinstalling the app. For more information, see App Configuration.
-
Enhanced Device Details: The Android Security Patch Level field on the Device Details page displays the date of the latest security patch installed on the device. Administrators can use this information to quickly verify device security status and ensure compliance with organizational security requirements.
iOS, macOS, watchOS, visionOS, and tvOS features
-
Latest Minimum OS Version for Enrollment Profile: Administrators can now set the latest OS version required for device enrollment on iOS 17+ and macOS 14+ devices. For more information, see Device Enrollment.
-
Improved Device Details: Administrators can now remotely lock managed macOS devices and securely view the system generated unlock PIN. For more information, see Getting Started with Devices.
-
Enhanced Custom Configuration: Ivanti Neurons for MDM now supports tvOS in Custom Configuration. For more information, see Custom Configuration.
Mobile Threat Defense features
Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.
Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.