New features summary

These are cumulative release notes. If a release does not appear in this section, then there were no associated new features and enhancements.

Ivanti Neurons for MDM 124 - New features summary

General features and enhancements

App Locale display behavior: If an app reported by the device in a different locale is not available in the iTunes cache, it does not appear in the App Catalog for any tenant. In this case, the Installed Apps tab still shows the app using the locale reported by the device.
Escrow Cert support: Escrow Cert support is now available for DigiCertOne.
Last Check-in or Client Last Check-in Filtering enhancement: Enhanced the filtering capabilities for "Last Check-in" field. Administrators can now identify devices with no reported check-in (LASTCHECKIN HAS_NO_VALUE) using Last Check-in is blank filter. This allows efficient detection and removal of devices that have never checked in.
For more information, see Custom Policy.
Granular Kiosk Mode Permissions: A new space-specific permission for "Enter/Exit Kiosk Mode" actions is introduced in custom role configurations, enabling administrators to grant access to these device commands without assigning broader device management privileges. Device action menus will display Enter Kiosk Mode and Exit Kiosk Mode options only to users with this permission in the relevant space.
For more information, see Roles Management.
Dynamic Device Groups from Advanced Search Queries: Administrators can now create Dynamically Managed Device Groups by importing existing saved queries. A new Load from Advanced Search tab is available exclusively for the Dynamically Managed Device Groups of the "Create Device Group" interface, allowing administrators to directly load advanced search queries that were previously saved on the Devices page.
For more information, see Device Groups.

Android features

eSIM Configuration: eSIM Configuration is now supported on Work Profile, Work Managed Device, and Work Profile on Company Owned modes of Android 15 and later versions. For more information, see eSIM Configuration.
Support for EID: Request EID option is now available on Android 13+ devices. For more information, see eSIM Configuration.
Introduction of Support Tab configuration settings: You can now configure the Support Tab settings for Ivanti Go for Android directly from Ivanti Neurons for MDM. This enhancement centralizes management, allowing administrators to update support contact details and guidance without requiring changes on the device. This improvement helps users access accurate support information more quickly and reduces administrative effort. For more information, see Ivanti Go Client Settings.
Enhanced Support Tab option: Administrators can configure a secure support portal URL to redirect end users from the Ivanti Go app. This allows users to access the organization’s support system directly from the Support tab. For more information, see Ivanti Go Client Settings.
Support for Active SIM Service Subscription: For supported Android devices, Ivanti Neurons for MDM now displays SIM Service Subscription details for multiple active subscriptions, improving visibility and management of dual‑SIM and multi‑SIM devices. For more information, see Getting Started with Devices.
Support to clear App Cache: Ivanti Neurons for MDM now allows administrators to clear app cache on supported Android Enterprise devices using the Clear App Cache Request option. This helps in resolving app‑related issues without reinstalling the app. For more information, see App Configuration.
Enhanced Device Details: The Android Security Patch Level field on the Device Details page displays the date of the latest security patch installed on the device. Administrators can use this information to quickly verify device security status and ensure compliance with organizational security requirements.

iOS, macOS, watchOS, visionOS, and tvOS features

Latest Minimum OS Version for Enrollment Profile: Administrators can now set the latest OS version required for device enrollment on iOS 17+ and macOS 14+ devices. For more information, see Device Enrollment.
Improved Device Details: Administrators can now remotely lock managed macOS devices and securely view the system generated unlock PIN. For more information, see Getting Started with Devices.
Enhanced Custom Configuration: Ivanti Neurons for MDM now supports tvOS in Custom Configuration. For more information, see Custom Configuration.

Mobile Threat Defense features

Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.

Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.

Ivanti Neurons for MDM 123 - New features summary

General features and enhancements

In-House App Enhancements: The in-house app upload UI has been updated to include a platform selection step before submission.
Enhanced App Configuration: The app configuration Key Chain Certificate Alias dropdown now displays more than 500 certificates, making all tenant certificates visible and selectable.
Automatic App Updates: The Enable MDM App Auto-Updates checkbox in the App Configurations > Install on device >Install Application configuration settings has been replaced by the Automatic App Updates dropdown. Select Always On to enable updates or Always Off to disable them.
A new Store Settings option is also available as a placeholder for future Declarative Device Management (DDM) support. This currently has no functional impact.
Platform Selection for App Uploads: When uploading an In-House app, users must now select the target platform (Apple, Android, or Windows) before choosing a file. This replaces the legacy auto-detection system that previously identified platforms based on file extensions like .apk, .ipa, or .exe. By defining the platform first, it enables a validation layer that ensures the uploaded file matches the intended target. This prevents cross-platform mismatches and ensures apps are categorized correctly from the start.
For more information, see Adding an in-house app.
Enhanced Certificate Management: This update introduces enhanced scalability for Android app management configurations. The certificate selection dropdown, accessible when converting standard text fields, now supports large-scale enterprise environments by allowing users to browse and select from more than 500 certificates.
Dynamic Substitution Variables for Notifications: Administrators can now use substitution variables to personalize push and email notifications with dynamic data instead of relying solely on static text. This enhancement provides greater flexibility by allowing custom text to be combined with automated variables like Email ID for more professional and context-aware communication. For more information, see Sending a Message.
Google BeyondCorp Integration: Added support for an app-managed configuration P-List to enable the Google BeyondCorp server to uniquely identify each device. For more information, see Google BeyondCorp Configuration.
OS Build Version filter for new device groups: Administrators can now create device groups based on OS Build Version filters when configuring Dynamically Managed device groups from the Device Group page.
Audit Trial Logs for Device Groups: The Audit Trials section now lists all the actions performed on Device Groups such as Add, Edit, or Delete.
Manage App Distribution permission for custom roles: Manage App Distribution permission is now available for custom roles under Admin -> System -> Roles Management. For more information, see Roles Management.

iOS, macOS, watchOS, visionOS, and tvOS features

Software Update Settings UI update: The restriction name has been updated from Rapid Security Response to Background Security Improvements. For more information, see Software Update Settings Configuration.
Enhanced support for Apple Device Enrollment: Added a new Device Enrollment option that prevents a device enrollment profile from being applied when a device is restored from a backup on iOS 26+ and visionOS 26+ devices. This ensures the profile is only used during fresh enrollments, not during backup restores. For more information, see Device Enrollment.
Support for executing macOS scripts: You can now run macOS shell scripts on managed macOS devices directly through Device Actions in Ivanti Neurons for MDM. This enhancement gives admins a faster and more reliable way to trigger script execution without manually deploying configurations or relying on separate workflows. It also improves day‑to‑day device management by allowing quick troubleshooting, automated maintenance, and targeted remediation actions as needed. For more information, see Mobile@Work for macOS.
DDM Passcode Setting Declaration: This update introduces a hybrid distribution model for Passcode settings, enabling a transition from traditional MDM (XML P-list) to the modern DDM (JSON) framework. While the UI remains unchanged for core settings like passcode length and complexity, the backend now supports new DDM predicates for iOS and macOS to ensure platform-specific compatibility. The Passcode configuration is now officially tagged as DDM Supported, appearing correctly when users filter the "Add+ Config" screen by DDM capability.