New features summary
These are cumulative release notes. If a release does not appear in this section, then there were no associated new features and enhancements.
General features and enhancements
-
Improved Left Navigation: The left navigation menu has been improved to enhance the user experience, and to make it consistent with Ivanti Neurons and ITSM. For more information, see Unified Navigation.
-
Enhanced options to export device custom attributes: Users can export the device custom attributes from the App Inventory list to CSV file.
For more information, see Assigning Custom Attributes to Devices.
Android features
-
Play Integrity support: Play Integrity (SafetyNet) is now supported on all versions of Android devices. For more information, see Play Integrity (Previously SafetyNet Attestation).
iOS, macOS, watchOS, visionOS, and tvOS features
-
Added new Device Enrollment options for iOS devices as follows:
-
Skip Web Content Filtering Pane (18.2+)
-
Skip Spoken Language (13.0+)
For more information, see Device Enrollment.
-
-
Added new Restrictions for iOS and macOS devices as follows:
-
Allow External Intelligence Integrations
-
Allow External Intelligence Integrations Sign-In
-
Allow Default Browser Modification
-
Skip Web Content Filtering Pane
-
Allow Call Recording
-
Allow Mail Summary
-
Allow RCS Messaging
-
Allow Media Sharing Modification
For more information, see iOS Restrictions and macOS Restrictions.
-
-
Enhanced Wi-Fi configuration support for macOS devices: The Disable MAC Address Randomization now supports macOS 15.0+ devices. For more information, see Wi-Fi Configuration.
-
Improved Single Sign-On configuration setting: Added Denied Bundle Identifiers configuration setting in Extensible single sign-on account settings for iOS and macOS devices. For more information, see Single Sign-On Configuration.
-
Support for automated device enrollment for visionOS devices: Use the Skip user login option to automatically enroll devices operating with visionOS platform. For more information, see Device Enrollment.
-
Enhanced User Settings: Added a new policy field Maximum number of Apple watchOS devices to pair with an iPhone for watchOS 10.0 + devices in Users > User Settings > Device Limit Setting, which limits the number of Apple Watches that can be paired with a device.
For more information, see User Settings. -
Updated Extensible single sign-on Kerberos account settings: New fields are added for Extensible single sign-on Kerberos. Administrators can now configure the password and smartcard settings with these options.
For more information, see Single Sign-On Configuration.
Windows features
-
Custom Policy option for Autopilot-Enrolled devices: A new option, "Autopilot Enrolled" is now available when creating a custom policy. For more information, see Custom Policy.
-
Rate Limit: All Windows devices can now be checked into Ivanti Neurons for MDM only one time per minute.
Mobile Threat Defense features
Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.
Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.
General features and enhancements
-
Global Announcements: The Ivanti Neurons for MDM top navigation now has the Global Announcements icon on the upper-right section of the landing page. For more information, see Unified Navigation.
-
Enhanced search capability of Installed Apps for a device: Administrators can now search all the Installed Apps for a device using the App Name and Bundle or Package ID. For more information, see Getting started with Devices.
-
Added a new option in App Catalog: The Export to CSV option has been added to the App Catalog page allowing users to export app details, including all app versions, to a CSV file. For more information, see App Catalog.
Android features
-
New battery attributes added: New battery attributes Battery Health Status, Battery Health Percentage (OEM) and Battery Charge Cycles (OEM) are added for the Dashboard. Admins can now easily evaluate battery health, check percentages, and monitor charge cycles on the dashboard itself.
-
Added new App usage metrics: Administrators can now enhance reports with Daily usage (in hours), Weekly usage (in hours), Monthly usage (in days), and Yearly usage (in days) metrics. When creating a report in the dashboard, you can now select these metrics under the Customize Columns section. When the report is generated, the new field values will be visible in the downloadable CSV files of application reports.
iOS, macOS, watchOS, visionOS, and tvOS features
-
Added a new field in the Report Columns: A new field Model (Apple) is added to Blocked Devices report, Policy Violations report and Devices Report that shows the list of registered Apple devices in Ivanti Neurons for MDM. When creating a report in the dashboard, you can now select the Model (Apple) field under the Customize Columns section. When the report is generated, the new field value will be visible in the downloadable CSV and PDF files of the Blocked Devices, Policy Violations, and Devices.
-
Introduction of Disk Management configuration: Administrators can now use Disk Management configuration to effectively define and manage data in external and network storage devices. For more information, see Disk Management Configuration.
-
Update settings in VPN configurations for IKEv2: Administrators can now configure Post-quantum Pre-shared key (PPK) with VPN servers that support RFC 8784 in IKEv2 VPN configuration settings. For more information, see VPN Configuration.
-
Updated Extensible single sign-on account settings: Administrators can now configure the Password settings in the Authentication Method field. For more information, see Single Sign-On Configuration.
Mobile Threat Defense features
Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.
Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.
General features and enhancements
-
Added new User Settings options: The Self Service Portal User Management Setting has been added to the User Settings section, featuring the options Edit Account Details and Edit Password. Users can edit account details or password in the self-service portal, unless the admin disables this option. Admins can also create and target different settings for various user groups and manage the priority of these settings in case of conflicts.
-
Deleting multiple devices from Devices List View: Added the option to select and delete multiple devices from the Devices List View.
-
New field added in policy violation report column: A new field Last Check-In is added to the policy violation report columns, that shows the last check-in value of the device. When creating a report in the dashboard, you can now select this field under the Customize Columns section. When the report is generated, the new field value will be visible in the downloadable CSV and PDF files of policy violation reports.
Android features
-
Improved device’s battery details reporting: When generating reports for Android devices, you can now get detailed information about the device’s battery such as:
-
Battery Health Status - As reported by the Android OS
-
Battery Charging Status - As reported by the Android OS
-
Battery Health Percentage (OEM Specific) - Battery health in percentage for supported device manufacturers such as Zebra devices
-
Battery Manufacture Date (OEM) - Battery manufactured date for supported device manufacturers such as Zebra devices
-
Battery Charge Cycles (OEM) - Number of cycles completed in total for supported device manufacturers such as Zebra devices
On the Create Devices Report page, you need to select the above listed options, and click Create. You can download the devices report as a .csv file or a pdf or both.
You can also use advanced search to fetch the Battery Health Status and Battery Health Percentage details.
-
-
Android Security PatchLevel in Device Reports: The Android Security Patch Level field that is existing in the Device details page is now available in the Create Devices Report page as well. You can include this information when generating a report related to Android devices.
-
Skip passcode reset prompt on device: You can now skip the passcode reset prompt for users on a device when you want to set the passcode on a device or multiple devices from Ivanti Neurons for MDM. For more information, see Unlocking a Device.
iOS, macOS, watchOS, visionOS, and tvOS features
- Addition of Software Update Settings configuration: Starting with this release in Ivanti Neurons for MDM, you can configure the Software Update Enforcement Settings to control the cadence and deferrals of the updates efficiently. For more information, see Software Update Settings.
-
Addition of Safari Extension Settings Configuration: Starting with this release in Ivanti Neurons for MDM, you can effectively configure and manage the Safari Extension Settings Configuration even during private browsing. For more information, see Safari Extension Settings Configuration.
-
Added new Restrictions for iOS and macOS devices as follows:
-
Allow eSIM Outgoing Transfers: Allows the transfer of an eSIM to a different device from the device on which the restriction is installed.
-
Genmoji: Allows the creation of Genmojis.
-
Image Playground: Allows the use of image generation.
-
Image Wand: Allows the use of Image Wand.
-
iPhone Mirroring: Allows the iPhone to mirror in a macOS device.
-
Personalized Handwriting Results: Allows the system to generate text using the user's handwriting.
-
Video Conferencing Remote Control: Enables a remote FaceTime session and requests control of the device.
-
Writing Tools: Enables Apple Intelligence writing tools.
For more information, see iOS Restrictions and macOS Restrictions.
-
-
Added support to fetch and display Battery Health Status of Apple devices: Added a new field Battery Health Status for iOS 17+ and macOS 14+ devices to track battery health changes. This field is now available in the Device Details, Device groups, Advanced Search, and Policies. New values for Battery Health Status include:
-
Non-genuine
-
Unknown
-
Service Recommended
-
Unspecified Failure
-
Unsupported
-
Normal
The devices will start reporting changes in Battery Health Status to the MDM server. For more information, see Getting Started with Devices.
-
-
Enabled 5G Network Slicing in VPN configurations: Support for 5G network slicing has been added to VPN configurations. VPN tunnels are specifically scoped using Cellular Slices, identified by a Data Network Name (DNN) or an App Category. This ensures precise VPN tunnel targeting to the specified Cellular Slice. For more information, see Per-app VPN Configuration.
Mobile Threat Defense features
Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.
-
Added new dynamic threat detections in MTD Zimperium for local network threat actions: Starting with this release in Ivanti Neurons for MDM, new dynamic threat detection definitions have been added for iOS and Android devices. For more information, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.
Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.
General features and enhancements
-
Enhancements to App Configurations: In the App Configurations settings, the administrators can enable the Do not install app on newly enrolled devices checkbox to prevent the apps from installing on newly enrolled devices. (This feature is currently unavailable).
-
Unified Navigation: The Ivanti Neurons for MDM top navigation now has the Notifications, Help, Neurons App Switcher, and Account options on the upper-right section of the landing page. For more information, see Unified Navigation.
-
Google BeyondCorp integration: Google BeyondCorp is now integrated with Ivanti Neurons for MDM. For more information, see Google BeyondCorp Configuration.
-
Enhanced App Catalog Visibility setting: Do not show app in end user App Catalog setting is now independent of the Device Installation Configurations functionality and has been relocated from the Device Installation Configuration level to the Configuration Setup level. (This feature is currently unavailable).
-
New Self-Registration PIN Generation option: Starting with this release, you can now generate device registration PINs directly without sending an invite email. For more information, see Adding Users.
-
Added a new option in User Groups: The Import User Groups from CSV option is added to the Add functionality of User Groups section. This option allows the administrators to create user groups and add users to the created groups/existing groups using a CSV file.
For more information, see User Groups -
Emailing empty reports: Emails won't be sent to the users in case of empty reports. This is applicable for all reports.
Android features
-
Introduction of configuration settings to update the managed apps: Starting with this release in Ivanti Neurons for MDM, new configuration settings have been introduced to update the app when there is a change in the app version and configurations. For more information, see Managed Configurations for Android.
iOS, macOS, watchOS, visionOS, and tvOS features
- Introduced support management for watchOS and visionOS: Ivanti Neurons for MDM now manages watchOS and visionOS platforms. For more information, see Deploying Apple Devices.
The watchOS is not supported on Private Cloud.
- New column added for Apple devices: Added a new field, Distributor Identifier, for iOS devices in the Installed Apps tab within Device Details and App Inventory sections. This enhancement enables users to install applications from marketplaces other than the App Store. The Distributor Identifier field displays the associated app identifier.
-
Added new iOS Restrictions for supervised devices:
-
Allow Web distribution App Installation: Select to allow the users from installing apps directly from new alternative websites.
-
Allow Auto Dim: Select to allow auto dimming option on iPads with OLED displays.
For more information, see iOS Restrictions.
-
-
Software Updates Enforcement using Declarative Device Management (DDM): The administrator can enforce Software Updates installation on iOS, macOS, and iPadOS devices using DDM. For more information, see Software Updates.
Windows features
-
Introduction of Energy Saver configurations for Windows: Starting with this release in Ivanti Neurons for MDM, you can now use Energy Saver configurations to efficiently manage your Windows 10+ devices when the devices are plugged into an external power source or when the devices are consuming internal battery power. For more information, see Energy Saver Configuration.
Mobile Threat Defense features
Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.
-
Support for MTD activation and MTD anti-phishing rules: Admins can now create rules based on the MTD activation status and also MTD anti-phishing protection status. These attributes are now available in the rule builders for the Policies, Devices, Reports, Device Groups, Spaces, and Configs. The following attributes are added:
-
Anti-phishing native status
-
Anti-phishing status
-
Anti-phishing VPN status
-
MTD activation status
-
Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.
General features and enhancements
-
Enhanced identification of policy violations: Starting with this release in Ivanti Neurons for MDM, you can assign custom policies to identify policy violations for retire-pending and wipe-pending devices. For more information, see Custom Policy.
Mobile Threat Defense features
Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.
-
Support for MTD activation and MTD anti-phishing rules: Admins can now create rules based on the MTD activation status and also MTD anti-phishing protection status. These attributes are now available in the rule builders for the Policies, Devices, Reports, Device Groups, Spaces, and Configs. The following attributes are added:
-
Anti-phishing native status
-
Anti-phishing status
-
Anti-phishing VPN status
-
MTD activation status
-
Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.
General features and enhancements
-
New App URL option in App Catalog Details: Administrators can copy the application URL to the clipboard, allowing them to quickly share it with end-users for easier identification of the apps they need to download.
To access the App URL option:
-
Go to Apps > App Catalog > Details.
-
Click Copy link to clipboard.
- From the Devices section, select the desired device and click on Actions > Send Message.
The message is sent either as a push notification or as an email. Once the message is sent to the device, the user can click the link, which redirects to the app details to install the application.
-
Android features
-
Added a new attribute in the rule builder for Android or ChromeOS based devices: Starting with this release in Ivanti Neurons for MDM, the attribute Public IP Address is added to the rule builders of Device Groups, Custom Policy, and Advanced Search > Devices. Ivanti Neurons for MDM displays the device's IP address, and if the device is connected to a VPN connection or a proxy server, it shows the proxy WAN IP address.
iOS, macOS, and tvOS features
-
New option Rotate the FileVault Key added to FileVault 2 configuration: This feature allows the admins to configure periodic rotation of FileVault keys for macOS devices to mitigate security risk of the deployed devices. Admins can set the rotation interval in terms of days. The feature is available for macOS 10.9+ devices. For more information, see FileVault 2.
Windows features
-
Introduction of Windows AI Management configuration for Windows devices: Starting with release in Ivanti Neurons for MDM, administrators can manage Window AI settings and configurations that enhances creativity and productivity in Windows devices. For more information, see Windows AI Management Configuration.
-
Multi app Kiosk supported for Windows 11 devices: The multi app kiosk is now supported on Microsoft Windows 11 devices. In Microsoft Windows 11, the "Hide Taskbar" option is not supported.
Mobile Threat Defense features
Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.
-
Support for MTD activation and MTD anti-phishing rules: Admins can now create rules based on the MTD activation status and also MTD anti-phishing protection status. These attributes are now available in the rule builders for the Policies, Devices, Device Groups, Spaces, and Configs. The following attributes are added:
-
Anti-phishing native status
-
Anti-phishing status
-
Anti-phishing VPN status
-
MTD activation status
-
Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.
General features and enhancements
- New Optional Quarantine action: A new Optional Quarantine action, 'Remove all configs except the following'is available now to remove all configurations with few exceptions. For more information, see Working with Policies.
- Managed App Configuration updates: The administrator now has the option to update the configuration with the latest features. For more information, see Managed Configurations for Android.
- Enhancement in Device Actions: A new permission Start TeamViewer Session is added to the Device Actions section. This option allows the administrator to create a custom role, which provides permission to initiate a TeamViewer session. For more information, see Roles Management.
- New option in Quarantine Actions: A new option Remove all apps except the following is added in the optional additional quarantine actions to remove all applications except those that are added to the application list. For more information, see Working with Policies.
- Improvised options to notify policy violations to administrators: Starting with this release of Ivanti Neurons for MDM, you can configure it to notify the administrators if the device owner violates the policy rules. Additionally, you can configure to notify multiple administrators in case of policy violations. For more information, see Custom Policy.
- Enhanced options to export app-specific information: Starting with this release of Ivanti Neurons for MDM, you can export information about all the applications or a specific application linked to a device from the App Inventory. For more information, see App Inventory.
- Added a new attribute in the rule builder: Starting with this release, the attribute Device Group is added to the Dynamically Managed device group.
- Device groups within the same space are listed in the drop-down for selection.
- Device group creation is only allowed at level one.
- If you delete a child device group and there are no other rules added to the parent device group, the parent device group will also be deleted.
- If there are rules assigned to the parent device group (other than the child device group), only the rule associated with the child device group is removed, and the parent device group is not deleted in this scenario.
-
Support to allow bulk enrollment using QR code: You can now register devices using QR code for bulk enrollments.
-
Support of substitutional variables: Substitutional variables are now supported for username and password fields for Cellular and APN configurations on IOS and Android platforms.
-
New "Location" field is added to default GDPR profile: When "Location" is selected in the GDPR profile and assigned to a user group, then the Device Location fields Last located on, Latitude and Longitude are masked in the device details for the users who are part of that user group.
- Updates to the Retire and Wipe actions on the Self-Service Portal and Admin Portal: The Retire and Wipe actions have been updated on the Self-Service Portal and the Admin Portal to only allow feasible options based on device registration status, with the following changes:
Self-Service Portal:
Removed the Wipe action for devices in Work Profile mode.
Removed the Retire action for devices in Work Managed Device, Managed Device with Work Profile, Work Managed Device Non-GMS mode, and Android Management API modes.
Admin Portal:
Disabled the Retire and Wipe enabled on the Device Details page for devices in Work Managed Device, Managed Device with Work Profile, Work Managed Device Non-GMS mode, and Android Management API modes.
Enabled the Retire and Wipe disabled on the Device Details page for devices in Work Profile mode.
Note:
If a device is in a Wiped or Wipe sent or Retired or Retire sent state, then the Retire and Wipe actions will be disabled.
If a device is in a Retire pending state, Wipe is disabled, whereas Retire is enabled.
If a device is in a Wipe pending state, Retire is disabled, whereas Wipe is enabled.
iOS, macOS, and tvOS features
-
New restriction added to iOS Restrictions config:
-
Allow Marketplace App Installation: The allowMarketplaceAppInstallation restriction is used to prevent app downloads from alternative marketplaces. This Restriction when set to false, will prevent users from installing new alternative marketplace apps and apps installed from those marketplaces.
-
Allow Live Voicemail: The allowLiveVoicemail restriction is added to disable live voicemail on the device.
-
Force Preserve ESIM on erase: The forcePreserveESIMOnErase restrictions is added to preserve eSIM when the system erases the device due to too many failed password attempts or the Erase All Content and Settings option in Settings > General > Reset.
For more information, see iOS Restrictions.
-
-
Delegation with custom distribution is enabled for iOS restrictions configuration: The global administrators can now delegate space administrators to edit the configuration for All Devices and for the Custom distribution option. For more information, see iOS Restrictions.
The distribution changes are applicable only to the specific space. All other spaces continue to inherit the default space distribution settings.
-
New column added for Apple devices: The new field Device Type (Apple) is added for iOS and macOS devices in the following places:
-
Devices > Device Groups > rule
-
Advance Search > rule builder
-
Custom Policy > rule builder
-
App Distribution Filters > rule builder
-
Spaces > rule builder
-
-
The Control Media Configuration is deprecated: The "Allowed Media Control" configuration is deprecated by Apple. This configuration is now disabled on the Ivanti Neuron for MDM.
- Provide bundle identifier: The Provider bundle identifier field is available when the Connection Type is selected as Custom SSL to manage the Per-App VPN.
Windows features
- Support for Recurring Windows Scripts and Actions configurations: The administrator can now enable the recurring execution of scripts with the following new settings:
- execution daily or on certain days of the week
- time when the script should be executed (first check-in after configured time)
- execution interval start and end dates
- 'run at least once' flag to trigger a single execution even after the 'execution end' date if check-in did not happen during the configured intervals
- New options in Windows Software Update configuration: Starting with this release, new options are added to Branch to install updates from drop-down. New nodes are added into the Windows Software Update configuration to configure active hours for automatic Windows updates and restarts. For more information, see Software Updates.
- Public IP Address of devices: The Public IP Address of the ChromeOS devices is now visible under the Device Details section.