New features summary

General features and enhancements

• App Installation Status column is added for iOS, macOS, and Android devices: Starting from the current release, the App Installation Status column in the Available Apps tab in Device Details view will display the status of applications on the device. The App Installation Status column appears by default.
  

  Sorting by App installation status is not supported.

  
  For more information, see Getting Started with Devices.

• Delegation with custom distribution is enabled for Per-app VPN and Certificate configurations: Starting from the current release , global administrators can delegate space administrators to edit the certificate for All Devices and for the Custom distribution option.
  

  The distribution changes are applicable only to the specific space. All other spaces continue to inherit the default space distribution settings.

  • Per-app VPN configuration - Custom distribution options are now available

  • Certificate configuration - Custom distribution options are now available

    For more information, see Certificate configuration and Per-app VPN Configuration.

• New rule is added to the rule builder: The Device Registered filter attribute is added to the rule builders for Device Groups. The attribute lets you filter the devices that have been registered in a specific time. For more information, see Device Groups.

• View User Registration PIN permissions are updated: When you apply the View User Registration PIN custom role, users can view the PIN of other users that have the same access level or with lesser privileges and the users cannot create PINs for other users. For more information, see Roles Management.

• Support for Department attribute in SCIM user provisioning: Starting this release, Department attribute will be supported in SCIM User Provisioning. For more information, see Configure Attributes in SCIM User Provisioning.

• Updated the Device Cleanup process: The Device Cleanup process is updated as follows:

  • Retired Device Settings - This is now renamed to Retired Devices. Scheduled retirement frequency options are added.

  • Delete Retired Device Settings - This is now renamed to Delete Retired Devices. Scheduled deletion frequency options are added.

  • Delete Wiped Devices - This is added in the current release.

    For more information, see Device Cleanup Settings.

iOS, macOS, and tvOS features

• Automatic renewal of certificates for iOS devices: Starting this release the Go Client certificate for iOS devices is automatically renewed within 30 days of expiry.

• Automatic renewal of N-MDM Device Identity certificates for Apple devices: Starting this release, the Device Identity certificate for Apple devices is automatically renewed within 30 days of expiry.

  iOS devices receive renewed MDM certificates from Ivanti Neurons for MDM as part of the regular device check-in flow.  However, iOS devices need to be re-enrolled with Ivanti Neurons for MDM when they are offline long enough for the MDM certificate to expire before a check-in that would have renewed the certificate before expiration.

• New Device Details are added: The following new version details are added for iOS and macOS devices:
  • Supplemental Build Version
  • Supplemental OS/Version Extra

  The version details are available as follows:

  • Devices > Devices > Details > Overview
  • Devices > Devices > Select columns drop-down menu
  • Advanced Search > rule builder
  • Custom Policy > rule builder
  • Spaces > rule builder
    For more information, see Getting Started with Devices, Custom Policy, Managing Spaces.

Windows features

• Set app priority during installation: When installing a Windows app, the administrator can set the priority level on which the app installation must happen. For more information, see App Configuration.

• Reorder pre or post-install scripts for .EXE files: The administrator can now reorder the pre or post-install scripts or files by prioritizing the pre or post-install scripts for .EXE files. For more information, see Managing Windows Applications.

• Support to add icons when uploading Windows In-house apps: When uploading In-house Windows apps to the App Catalog, the administrator can now include icons along with the apps. For more information, see App Catalog.

• EXE apps installation during Autopilot enrollment: The .EXE apps will be installed in Self-deploying and User-driven modes during the Autopilot enrollment process. For more information, see Configuring Windows Autopilot Profiles.

• EXE app management on Windows devices: The .EXE apps can be managed in Self-deploying or Pre-provisioning modes on Windows devices. For more information, see Managing Windows Applications.

• Support for Windows LTSC devices: Ivanti Neurons for MDM now supports devices installed on Windows LTSC.

• Custom CSP Configuration: The administrator can create, configure, and distribute custom CSPs using the OMA-URI schema. For more information, see Custom Configuration.

General features and enhancements

• Updated the Reports workflow: The report creation, summary, event range, and distribution steps are updated. Select all check box is added to select all the columns that are displayed in the list.

  • New filters are added for all application reports: The All Applications, Most Used Apps, and Unmanaged Apps reports now have the following new filter options:

    • Platform Type
    • Source
    • Custom Attributes
    • Managed

    For Unmanaged Application report App Identifier is added as a default column.

  • Progress bar is displayed on the report type: A progress bar is displayed on the report type to indicate the report generation status.

  For more information, see Using Custom Reports and Using Scheduled Reports.

• New rules are added to the rule builder: The following new rules are added to the rule builders for Advanced Search, Device Groups, Distribution Filters, and Spaces:
  • Sentry Blocked - The Blocked attribute is renamed to Sentry Blocked. Previously the Blocked status referred to the status of blocked devices from Sentry.
  • Access Blocked - For devices that are blocked by Access.

    Ivanti is enhancing Ivanti Access to report blocked device status to Ivanti Neurons for MDM and has tentatively scheduled this integration for the second quarter of 2023. Until Ivanti has completed this integration, the Access Blocked rule will not work as expected.

  • Compliance Action Blocked - For devices that are blocked by the Ivanti Neurons for MDM administrative portal.
    For more information, see Custom Policy, Managing Spaces, Device Groups, Distribution Filters, and Getting Started with Devices.
• Branding update: MobileIron Go app is now re-branded to Ivanti Go on Android and iOS platforms.
• Numeric data type is introduced in Custom Device Attributes: You can now specify numeric values for custom device attributes. The attribute will appear in the rule builder when you create devices or device groups. For more information, see Attributes.
• Specific attributes are supported while provisioning users from Azure AD: User provisioning Azure AD lets you sync specific core and enterprise attributes. For more information, see Configure Attributes in SCIM User Provisioning.

• Converged tenants have access to specific pages in Ivanti Neurons for MDM: The following sections are not applicable for tenants who have access to both Ivanti Neurons for UEM and Ivanti Neurons for MDM:

  • Admin > System > Roles Management
  • Admin > System > Spaces
  • User > Users > Action > Assign Roles
  • User > user details > Assign Roles icon
    For more information, see Roles Management and Spaces.
• Updated name for On-premises Certificate Authority: The on-premises Certificate Authority is now updated to on-premises non-SCEP Certificate Authority on the Ivanti Neurons for MDM administrative portal. For more information, see Certificate configuration.
• Audit Trail Actions menu is added: Actions drop-down menu is added to the Audit Trails page with the following options:
  • Configure Audit Trail Export Setting: The option is now moved from above the columns to the Actions drop-down menu.
  • Export to CSV: You can now download Audit Trail records in CSV format.
    
• Grouped View is removed from Audit Trails: Grouped and expanded views are removed from the Audit Trails page. For more information, see Working with Widgets.
• Device Cleanup Settings is introduced: You can retire or delete unused devices using the Device Cleanup Settings page. For more information, see Device Cleanup Settings.

Android features

• MAC Address Randomization: On Android 13+ devices, the MAC Address Randomization options have been added to the Wi-Fi Configuration section. For more information, see Wi-Fi Configuration.

• Zebra FOTA Patch upgrade: Zebra FOTA Patch upgrades will not be supported on Android 11+ devices as per design changes from Zebra. However, Full Upgrades will continue to be supported. For more information, see Enrolling Zebra OTA Service.

• Zebra Configuration OS updates: Most granular choices are now available to manage Zebra firmware updates. For more information, see System Update Configuration.

• Wi-Fi support for TLS: The administrator has options to provide "outer-identity" when EAP type is TLS, and also for Domain. For more information, see Wi-Fi Configuration.

iOS, macOS, and tvOS features

• Automatic renewal of macAgent certificates: Starting this release the macAgent certificate is automatically renewed within 45 days of expiry.

• Configure DNS Proxy Settings: As the Ivanti Neurons for MDM administrator, you can configure DNS Proxy settings using the DNS Proxy Configuration for users of iPhone and iPad devices. You can use the DNS Proxy payload to specify the application that provides the DNS proxy network extension and other vendor-specific values. For more information, see Creating DNS Proxy Configuration.

• Support for ACME Payload: Starting this release ACME configuration is supported. For more information, see Identity Certificate.

Windows features

• App Inventory interval for Windows apps: The App Inventory interval for Windows apps has been updated to 24 hours, by default. The administrator can set any value ranging from 24 to 48 hours as the interval value. For more information, see Configuring app inventory intervals.

• Update version information for .EXE apps: The administrators can modify the app version in the App Catalog to keep the Display Version and Bundle Version consistent. This can be done only when editing the app, and not during app upload. When the version information under the Display Version section is updated, a pop up appears on the screen to confirm that changing the Display Version also changes the Bundle Version and if you want to proceed further. Click OK to update the information under the Display Version and Bundle Version sections. Click Cancel and the update will not happen in either of the sections. For more information, see App Catalog.

• Windows Custom SyncML Log: The Windows Custom SyncML Log information is now available under the Logs section. For more information, see Pushing SyncML to Devices using Custom Configurations.

• Configure the Windows MSI apps pre and post-installation scripts, and generic files: The administrator can now configure pre and post-installation scripts and files, which are executed on the devices before and after the MSI installation respectively. For more information, see Managing Windows Applications.

• Collecting the .EXEs inventory: The .EXEs inventory is also collected when the Privacy Configuration is using the default configuration to collect App Inventory only for App Catalog. For more information, see Privacy Configuration.

ChromeOS features

The ChromeOS platform support is added from the current release and the following features are NOT available on FedRamp.

• Device action - Lock ChromeOS devices: The administrator can lock ChromeOS devices that are registered with Google Admin Console. For more information, see Locking a Device.

• Device action - Unlock ChromeOS devices: The administrator can unlock ChromeOS devices that are registered with Google Admin Console. For more information, see Unlocking a Device.

• Device action - Wipe ChromeOS devices: The administrator can wipe ChromeOS devices that are registered with Google Admin Console. For more information, see Wiping a Device.

• ChromeOS Device Logs: For all the ChromeOS devices, the Device Log information is available on the Device Details page, under the Logs tab, as available on other platforms like Android and iOS. The device log will have information like the actions that are performed on devices, status of the actions, etc.

• ChromeOS Blueprint Configuration: The ChromeOS Blueprint Configuration uses the same settings that are available for the Google Admin Console. These settings will be distributed to the devices under LDAP User Groups only. For more information, see ChromeOS Blueprint Configuration.

• Android app distribution on ChromeOS devices: The Android apps available on App Catalog can be distributed to ChromeOS devices. For more information, see Distribute Android apps to ChromeOS devices.

General features and enhancements

• Branding updates: 
  • The favicon for Ivanti Neurons for MDM is updated to reflect the branding changes.
  • The new Ivanti Neurons for MDM logo has been included in all the images that have descriptive text.
  • User branding updates to include favicon and logo.

• Added Self-service portal enrollment setting: As an administrator, you can create a self-service portal enrollment setting (SSP setting) in the Ivanti Neurons for MDM administrative portal and distribute the SSP setting to selected user groups. This setting lets you display or hide the device enrollment prompt banner for specific users. The Show device enrollment prompts toggle button is added in the SSP setting that helps you do the following:
  ON: Display the registration banner

  OFF: Hide the registration banner

  For more information, see the Configuring the Self Service Portal Enrollment Setting topic on the User Settings page.

• Explicit permissions to view license information from the account flyout: Administrators now have the option to create a Cross-Space role with the View Licenses permission option that lets users view the licensing section in the account flyout. The license information is visible by default for the following roles:
  • User Management
  • System Read Only
  • System Management

  For more information, see Roles Management.

• Device Compliance Status Sync action is added to the Devices page: The Ivanti Neurons for MDM administrative portal lets you sync the device compliance status with Microsoft Azure InTune to ensure that users are able to access Microsoft Office 365 applications. For more information, see Getting Started with Devices.
• Sync and associated filters are added to the Users page: You can now filter LDAP users and their count in the following ways:
  • Direct Sync
  • No Sync
  • Indirect Sync
  • N/A

  For more information, see Finding and Filtering Users.

• New rules are added to the IP address filter for creating Device Groups: The administrative portal lets you create device groups based on IP Address using the following new rules:
  • is blank
  • is not blank
    

  For more information, see Device Groups.

• Advanced Search functionality in App Catalog: The Search feature in App Catalog has been improved to fetch the apps that match very closely to the app attributes. For more information, see App Catalog.
• Compliance and Blocked columns are added to the Devices page: The Devices page now lets you sort the list of devices by Compliance and Blocked status columns. The columns can be sorted in ascending and descending order. You can click the settings (gear) icon to select and view the columns.

• Users page displays visual pillbox for the selected filtered value: When you select a filter value for users, the filtered results are narrowed. In this release, pillboxes are added for each filtered item to indicate the selected value. You can clear the filtered value to remove the filter.

Android features

• Enable AMAPI / COSU on all tenants, by default: The administrator does not have to enable AMAPI to have COSU support. By default, the AMAPI support is enabled now.

  For more information, see Android Management API.

• Screen Management options: The administrator can now configure the screen brightness, orientation, and timeout options on the devices in Device Owner and Device Owner (AOSP) modes.

  For more information, see Lockdown and Kiosk: Android Enterprise.

• Delete option for Wipe Pending devices: The administrator can now use the Delete Device option to delete devices in the Wipe Pending state from the Device Details page.

  For more information, see Wiping a Device.

• Set Wi-Fi Security Level on Android 13+ devices: The administrator can now set the Minimum Required Wi-Fi Security Level for devices in Device Owner (including AOSP) and EPO modes.

  For more information, see Lockdown and Kiosk: Android Enterprise.

• Managed app feedback support on AMAPI devices: The managed app feedback mechanism is now supported on AMAPI devices.

  For more information, see Android Management API.

iOS, macOS, and tvOS features

• Time Zone field is added in the Device Enrollment Profile form: You can specify the device time zone in the Device Enrollment Profile and the device will be configured in the specified timezone. For more information, see Device Enrollment.

Windows features

• Add the ability to import a Windows Store app by searching using the App Name or AppStore ID: When adding a Windows Store app to the App Catalog, the administrator can now search and add the Windows app either by using the App Name or AppStore ID.

  For more information, see App Catalog.

• Configure the Windows exe apps pre and post-installation scripts, exe files, and generic files: The administrator can now configure pre and post-installation scripts and files, which are executed on the devices before and after the exe installation respectively.

  For more information, see Managing Windows Applications.

• Add Windows Tunnel app to Business Apps: The Windows Tunnel app can now be added from the Business Apps section because the Microsoft for Business will be deprecated soon.

  • If planning to use the Tunnel VPN app via Business Apps and if the Privacy policy is active on the devices, it is recommended that the administrator should enable the non-store and app store inventories, to avoid re-push of the VPN app.
  • In case the store version of the app is imported to the catalog and distributed for a non-AAD user, then if the administrator deletes this version and imports the in-house app from the Business app page, the app neither gets installed nor uninstalled because the Tunnel app is not removed from the end user's device.
  • For non-AAD users, when a privacy policy is enabled to fetch non-store & store app inventory for Windows and when the master inventory table has Tunnel app as IN_HOUSE, after inventory collection the app will be displayed as unmanaged and Ivanti Neurons for MDM will not be able to uninstall the app during un-distribution or deletion from the catalog. However, it would be removed on retired.

General features and enhancements

• Branding-related updates on the administrative portal: As part of the branding updates, the administrative portal now displays the following changes:
  • MobileIron Access - Ivanti Access
  • MobileIron Tunnel - Ivanti Tunnel
  • MobileIron Authenticate - Ivanti Authenticate
  • MobileIron Cloud - Ivanti Neurons For MDM
  • Cloud - Ivanti Neurons For MDM
  • MobileIron EMM - Ivanti Neurons For MDM
  • EMM - Ivanti Neurons For MDM
  • MobileIron - Ivanti
• New device attribute on the Devices Export to CSV page: The Device attribute, Blocked, has been added to the existing list of Device attributes. When you export the Devices report to a CSV file, the report lists Blocked as one of the columns.
• Permanent Reports feature is removed: Starting from the current release, the permanent report feature will be removed. The reports that were previously marked permanent will now be updated to standard reports that can be deleted. An indicator appears beside a standard report indicating that the report was formerly a permanent report. For more information about standard reports, see Using Custom Reports and Using Scheduled Reports.
• New attributes are added to Device Basic search filter: The following attributes are added to the Device Basic search filter:
  • Blocked
  • Compliance
• New attributes are added to Custom Policy rule builder: The following attributes are added to the Custom Policy rule builder:
  • Blocked
  • Compliance
    For more information, see Custom Policy.
• Updated appearance of check boxes: The appearance of all the check boxes in the Ivanti Neurons for MDM administrative portal are updated.
• Azure Device Compliance is added to Audit Trails filter category: A new audit trail log is generated when the device compliance status is updated in the Azure portal. For more information, see Filtering Audit Trail activities in Working with Widgets.
• Support for Custom Attributes in Apps: Starting from the current release, you can create custom attributes for applications. The following updates are introduced:
  • You can assign custom attributes to multiple applications at once or to an individual application from the Apps > App Catalog page.
  • A new Attributes tab is introduced on the Apps > App Catalog > Details page. You can use the Attributes section to add a custom attribute to a single application.
  • When you assign custom attributes to multiple applications at once, the attributes are assigned to all the versions of the applications.
  • The custom attributes are also available on the following tabs. You can add them to the columns to view the associated values and they also appear in the report when you export the page to a CSV file.
    • Devices > App Inventory
    • Device Details > Installed Apps
    • Device Details > Available Apps tabs
  • When you create a report from Dashboards > Report, you can include the Custom Attributes column from the Report Columns page for the following report templates:
    • All Applications
    • Most Used Apps
    • Unmanaged Apps

  For more information, see Assigning Custom Attributes to Apps and Attributes.

• Renewed certificates installation: Renewed identity certificates pushed from Ivanti Neurons for MDM now install on Android devices. Previously, the configuration state on the Device details page of Android devices in the administrator portal used to change from "installed" to "Pending Install." With this release, the configuration state remains as "installed."
• Support to upload and download more records using the Bulk Enrollment Profile option: The administrator can now upload and download 200000+ records using the Bulk Enrollment Profile option. For more information, see Bulk Enrolling devices using CSV file upload.
• Support to Delete apps from the App Catalog section: The administrator can now delete some or all the in-house apps from the App Catalog page. For more information, see Deleting Apps from the App Catalog.
• The managerId attribute values do not sync: The manager ID attribute values do not sync during migration from Azure AD in the current release.

Android features

• Remove the Retire action on devices in Device Owner / Enhanced Profile Owner / Company-Owned Personally Enabled modes: On Android Enterprise, the Retire action is now removed from the devices on Device Owner / Enhanced Profile Owner / Company-Owned Personally Enabled modes. For more information, see Setting up Android Enterprise.
• Additional support for in-house APKs on Android: The APKs with certificates having v1, v2, v3, and v4 signatures are supported now.

iOS, macOS, and tvOS features

• Introduced Autonomous Single App Mode Configuration: The Autonomous Single App Mode Configuration is introduced in the current release. This configuration lets you ensure that only specific applications run on a device. For more information, see Create Autonomous Single App Mode Configuration.
• New fields are added to the Software Updates configuration: The following fields are added to the Software Updates configuration:
  • Priority - Specify the priority of the software update.
    Possible values - Low, High
  • Max User Deferral - Specify the maximum number of times the system allows the user to postpone an update before it is installed. The system prompts the user once a day. This setting is supported only when you select the Install Later option.
    Possible value - Integer
    For more information, see Configuring software updates for Non-DEP and DEP macOS devices in Software Updates.
• New fields are introduced in the Web Clip configuration: The following new fields have been added to the Web Clip configuration:
  • Ignore Manifest Scope
  • Target Application Bundle Identifier

  For more information, see Create a Web Clip Configuration.

• Web Content Filter configuration fields are updated: The following fields are deprecated and replaced with the corresponding fields:
  • Blacklisted URLs - Use Deny List URLs
  • Whitelisted Bookmarks - Allowlisted bookmarks
    For more information, see Web Content Filter.

Windows features

• Support to specify Windows app installation date: When installing an app in Silent mode, the administrator can now specify the date on which the app installation should be done. For more information, see Windows app scheduling.
• MobileIron Bridge rebranding: The MobileIron Bridge has been rebranded to Ivanti Bridge. For more information, see Bridge and Getting Started with Devices.
• Bridge client rebranding: The Bridge client has been rebranded to Ivanti Bridge. For more information, see Bridge.
• MSI apps installation during Autopilot enrollment: The MSI apps will be installed in Self-deploying and Pre-Provisioned modes during the Autopilot enrollment process. For more information, see Configuring Windows Autopilot Profiles.
• MSI app management on Windows devices: In user-less mode, the MSI apps can be provisioned on Windows devices, which means the MSI apps can be installed on devices even when a user is not logged into the device. For more information, see Managing Windows Applications.

General features and enhancements

• User Provisioning Azure Active Directory page displays IDP attribute: The Attribute Type column displays IDP attribute in the Custom Attributes table in the Edit Settings section of the User Provisioning Azure Active Directory (AAD) page. For more information, see User Provisioning-Azure Active Directory.

• Updated Terms of Use: Ivanti has updated the Terms of Use presented by the welcome wizard and available by clicking the Terms of Use link in the Ivanti Neurons for MDM Admin Portal footer.

• Graceful handling of csv errors during bulk enrollment of devices: Ivanti Neurons for MDM gracefully handles errors in the csv files an administrator uses to bulk enroll devices, enrolling devices corresponding to valid csv records, and not enrolling devices corresponding to invalid csv records.

• Branding-related updates in the administrative portal: As part of the branding updates the administrative portal now displays the following changes:
  • Copyright - The copyright statement is updated to reflect the brand changes.
  • Strings and messages - All the strings that display MobileIron Cloud are updated to Ivanti Neurons for MDM.
  • Logos - The logos are updated to reflect the branding.
  • App Catalog - All the strings and messages that display MobileIron Cloud are updated to Ivanti Neurons for MDM.
• Branding-related updates in the Self-Service portal: The strings and logos used in the Self-Service portal that refer to MobileIron Cloud are updated to Ivanti Neurons for MDM.
• Optimize the Export to CSV option for User Provided certificates: User provided certificates can be exported using the new User-Provided Certificates tab in the Certificates Management page. The Export to CSV button lets you download the certificates that were uploaded by the users. The advance search option is also available for you to search for specific certificates. For more information, see Certificate Management.
• Updated appearance of buttons: The look and feel of all the buttons in the Ivanti Neurons for MDM administrative portal are updated.
• Bulk enrollment permissions are added under Devices with Cross-Space Role: You can assign Bulk Enrollment permissions to the devices that are assigned with Cross-Space Role from the Roles Management page. For more information, see Roles Management.
• Rename policy compliance action Block via Sentry to Block: The policy compliance action Block via Sentry has been renamed to Block. This Block action applies to both Sentry and Access. For more information, see Working with Policies.
• Add custom attribute values for Managed app config: When custom attribute values are added by the administrator, these values can be referenced with custom, user, or device attribute updates. For more information, see Attributes.

Android features

• Network and Security logging using the Device Logging configuration: The Device Logging configuration enables an administrator to request debug logs. These debug logs can include or exclude bug reports of specific Android devices. For more information, see Device Logging configuration and Configuration Types.
• Generate QR code for bulk enrollment of devices: Administrator can now generate a QR code to enroll devices in bulk mode. This QR code can also be emailed to all the required users. For more information, see Bulk Enrolling devices using CSV file upload.
• Support for FIDO Authentication: As part of FIDO-based authentication, SAML now supports including a username in an authentication request. The Allow FIDO Auth option is added to the Lockdown configuration. For more information, see Configure Identity Provider and Lockdown and Kiosk:Android Enterprise.
• Allow users to update the location-based services: Administrators can now let users allow or disallow the location-based services when needed. For more information, see Privacy Configuration.

iOS, macOS, and tvOS features

• macOS 13-related features

  • Enhanced options in SSO Configuration: The following extensions are added to the SSO Configuration:

    • Extensible single sign-on account settings:

      • Authentication Method

      • Registration Token

    • Extensible single sign-on Kerberos account settings > Preferred Key Distribution Centers:

      • Allow Platform SSO Auth Fallback

      • Perform Kerberos Only

      • Use Platform SSO TGT

      For more information, see Single Sign-On Configuration.

  • New macOS restrictions: The following restrictions can be added for devices with macOS 13:
    • Allow Rapid Security Response Installation
    • Allow Rapid Security Response Removal
    • Allow USB Restricted Mode
    • Allow Universal Control
    • Allow UI Configuration Profile Installation
      

    For more information, see macOS Restrictions.

• New iOS restrictions are added: The following restrictions can be added for devices with iOS 16:
  • Allow Rapid Security Response Installation
  • Allow Rapid Security Response Removal

  For more information, see iOS Restrictions.

Windows features

• Add new hardware attributes to Reports: New hardware attributes have been added to the Device group attributes list. These attributes can be used to create Reports as well. For more information, see Using Custom Reports.

• Support to configure Start menu layout on Windows 11 devices: Administrators can now configure the Start menu layout on Windows 11 devices. For more information, see Start menu and Taskbar.

General features and enhancements

• Branding-related updates: As part of the branding updates the administrative portal now displays the following changes:
• Login page - The appearance of the login page is updated.
• About Ivanti - The About statement is updated to reflect the branding.
• Privacy Policy - The privacy policy now displays the policy details on the Ivanti, Inc official website.
• Copyrights - The copyrights statement is updated to reflect the brand changes.
• License name is updated: The MobileIron Gold License name is updated to Secure UEM Premium License in the Admin > Microsoft Azure > Office 365 App Protection page.
• Sentry certificates will be validated: Previously, the Sentry certificates were not validated while creating the Sentry profile. Starting from this release, if any of the following conditions do not meet for Sentry server TLS certificate, the Ivanti Neurons for MDM administrative portal will display the related error or warning message:
  • If the leaf certificate does not contain a chain to any certificate authority or if there is no certificate authority in the uploaded file - error
  • If there is no root certificate authority available - warning
  • If the root certificate authority has not signed off the intermediate certificate authority for the leaf certificate - warning
  • If the rules that are mentioned in the following URL are violated: - warning
    https://support.apple.com/en-us/HT210176

  For more information, see Setting Up AppTunnel.

• Updated appearance of buttons: The look and feel of all the buttons in the Ivanti Neurons for MDM administrative portal are updated.
• Optimize the Export to CSV option for DEP enrolled devices: Device details can be exported using the new Export to CSV button from the Device Enrollment page. For more information, see Device Enrollment.
• Report table column headings are updated: The table column headings of the Reports page are updated as follows:
• Column heading labels are updated
• Sorting is implemented on all columns
• Toggle for Enable/ Disable report is now available when you view the report
• The date format is updated to YYYY-MM-DD
• Set Admin Notifications for new Public App Versions in Apple Store or Google Play: The administrative portal displays notifications when new versions of applications are available. You can set the notifications from the Catalog Settings page. The feature is applicable for iOS, Android, and macOS public applications. The administrator can set the frequency of notifications as follows:
  • Once a day
  • Once a week

  For more information, see Catalog Settings.

• The Retry Install on Error option is available separately: The Retry Install on Error option is added to the Device Configurations under Space-Specific Role to allow users to retry application installation if there was an error. Previously, the Retry Install on Error option was part of the Device Management role. If you add the Device Management role, all the associated permissions were added to the role. For more information, see Roles Management.
• The Bulk Assign Via Upload option is available separately: The Bulk Assign Via Upload option is now available for the administrator to add to a custom role from the Device Actions menu. Previously, the Bulk Assign Via Upload option was available as part of the Device Management role. If you add the Device Management role, all the associated permissions were added to the role. For more information, see Roles Management.

• Edit option is added for the Reports-Action menu: The Action drop-down menu in the Reports page now contains the Edit option to allow the administrator to edit the report. For more information, see Using Scheduled Reports and Using Custom Reports.

• Azure device compliance fields are included in the CSV export: The following Azure device compliance fields will be populated in the CSV file when you export the devices list from the Device or the Device Groups page. This function is applicable for iOS and Android devices.
  • Azure Device Identifier
  • Azure Device Compliance Status
  • Azure Client Status Code
  • Azure Device Compliance Report Time
  • Azure Intune Device User UPN

  For more information, see Getting Started with Devices and Device Groups.

• Use the package ID of the receipts for MIP packages with no applications: When importing MIP applications in the app catalog the administrative portal generates the package ID based on the receipts if there are no applications in the MIP package. The first receipt is selected when there is more than one receipt.
• Optimize Export to CSV for Users by User Group details (UI updates): The User Group details can be exported using the Export to CSV option from the User Groups page.
• Support to onboard extension apps on AMAPI devices: During the device enrollment process, an extension app will be distributed to the AMAPI device in COSU mode. For more information, see Android Management API.

• Enhanced autocomplete security: Ivanti Neurons for MDM no longer prompts users to save for later autocomplete use the values in fields containing sensitive information.

Android features

• Remove TeamViewer Activation for [email protected]: It is now possible to remove the TeamViewer Activation for [email protected] using the Remove Activation option. For more information, see [email protected].
• Support for app restrictions and permissions on In-house apps for Android devices: The administrator can now set restrictions and grant or revoke permissions on In-house apps for Android devices. For more information, see Managed Configurations for Android.
• End of service for Samsung E-FOTA licenses: Samsung has announced the end of service for E-FOTA by the end of July 2022. So, the Samsung E-FOTA License Management will not be available from now on. For more information, see Samsung E-FOTA License Management.
• Support for Always-on configuration in COSU mode: When an app with an Always-on configuration is pushed to a COSU-enrolled device, the configuration also gets pushed to the device. For more information, see Always-on VPN Configuration.
• Onboarding the Setup apps in COSU mode for AMAPI devices: When enrolling an AMAPI device in COSU mode on Ivanti Neurons for MDM, Ivanti Go should be distributed by default as a companion (aka extension) app. For more information, see Android Management API.

iOS, macOS, and tvOS features

• Added User’s Screen Saver Configuration: The User’s Screen Saver Configuration is added to the Configurations page to enable the administrator to configure the user's screen saver details on the device. For more information, see Configure User's Screen Saver.

• Specify the duration to retry login attempt in Passcode Configuration: The administrator can specify the wait duration in the Minutes until failed login reset field on the Passcode Settings Configuration page to allow the user to retry logging in after the user reaches the maximum number of unsuccessful login attempts. For more information, see Passcode Configuration.

• Create Home Screen Layout Configuration updated: The Device channel distribution option is added in the Create Home Screen Layout Configuration. For more information, see Home Screen Layout Configuration.

• Support for pushing OS software to multiple devices: The administrator now has option to select multiple devices and push OS software update from the administrative portal Devices page to multiple devices. All the eligible iOS devices from the selected devices can be updated to the latest version or the specific version specified by the administrator.

• Support for iOS applications on Apple Silicon devices: Starting from this release the iOS applications that are enabled to Allow app installation on M1 Devices upon distribution, are listed in App Catalog and [email protected] for macOS. You can install these applications from App Catalog and [email protected] for macOS.

• Search is applied on Apple Device Enrollment account page: The Apple Device Enrollment Account list page allows you to perform a search on the following columns:
• Name
• Apple Account Name

For more information, see Device Enrollment.

• Support to skip Terms of Address: Administrators can now allow users to skip the Terms of Address pane during device setup. For more information, see Device Enrollment.

• Support for the new setting EnableXLAT464 in cellular configuration: You can now select EnableXLAT464 as part of the cellular configuration of iOS devices. This option provides IPv4 services over an IPv6-only network. For more information, see APN Configuration.

• Support for extended iOS MDM CA challenge: Currently, the iOSMDMCA Challenge expiry is set to 20 minutes. You can enable the following feature flag to extend the expiry to six hours:
  

  feature.migration.ca.challenge.override.enabled

• Updated settings for shared iPad devices: The following settings are available from the Ivanti Neurons for MDM administrative portal for shared iPad devices:
  • Set Online Authentication Grace Period: Currently, a Shared iPad requires the device be connected to the internet when a user attempts to sign in. Starting from iPad OS 16, a shared iPad can default to using the local password for existing users on the device and requires no network connection. As an administrator, you can choose to either enforce the remote authentication to always or set the grace period to a specific number of days. For more information, see Device Enrollment.
  • Display default domains on the login screen: Starting from iOS 16, shared iPad devices will display Apple ID domains with the user name field, for the user to select during login. For more information, see Device Enrollment.
• New iOS restrictions are added: The following restrictions can be added for devices with iOS 16:
  • Allow Rapid Security Response Installation
  • Allow Rapid Security Response Removal

For more information, see iOS Restrictions.

Windows features

• Support to create Azure AD (AAD) Groups: The administrator can now create AAD Groups that can be assigned to Autopilot Profiles. For more information, see Configuring Windows Autopilot Profiles.
• Option to select an authentication certificate store to connect to the Wi-Fi network: The administrator can select one of the following three authentication certificate stores to connect to a Wi-Fi network:
  • Machine or User
  • Machine
  • User

  For more information, see Wi-Fi Configuration.

• Support to configure reboot option post app installation: The administrator can now configure Reboot Device after Install option for an app from the App Configuration section. For more information, see App Configuration.
• New Device attributes for creating Device groups: When creating new Device groups, the following Device attributes have been added to the existing list of Device attributes:
  • BitLocker Encryption
  • OS Edition
  • TPM version

  For more information, see Device Groups.

• Improvements to the Deployment Package process: The Deployment Package process has been improved now when enrolling the EPM and SCCM devices to Ivanti Neurons for MDM. For more information, see Provisioning Package Enrollment with PIN.

General features and enhancements

• Ivanti has updated the Ivanti Neurons for MDM user interface for consistency, re-branding, and copyright accuracy:

  • The Ivanti Neurons for MDM Admin portal login page now has a white background image to match recent updates to the application theme.

  • The Ivanti Neurons for MDM Admin portal login page now displays an Ivanti-branded logo, replacing the legacy MobileIron logo.

  • The Ivanti Neurons for MDM iReg login page now displays an Ivanti-branded logo, replacing the legacy MobileIron logo.

  • Copyright text, and About and Privacy links reflect current copyright status and product nomenclature throughout the Ivanti Neurons for MDM Admin portal and related application pages, except for login.anyware.com, which Ivanti will address soon.

General features and enhancements

• MobileIron Cloud is now Ivanti Neurons for MDM: You can see the Ivanti Neurons for MDM logo on the following pages of the administrative portal and the self-service portal:
  • The login page - administrative portal and self-service portal
  • The left navigation bar in the expanded and collapsed state - administrative portal
  All the instances of Cloud are also updated to Ivanti Neurons for MDM in the Ivanti Neurons for MDM Administrator Guide.
• Enhanced appearance of text fields: The appearance of the text fields is enhanced in the Ivanti Neurons for MDM administrative portal.
• Enhancement to the Devices page: The Device Group Name filter is added to the Manage Filters wizard on the Devices page. For more information, see Finding and Filtering Devices.
• Updated steps to Edit Settings in the User Provisioning Azure AD page: The steps to edit the settings to modify Azure AD user provisioning and to add custom attributes from the directory setting are updated. For more information, see User Provisioning Azure Active Directory.
• Filter introduced to the Users page: The Manage Filters wizard is introduced on the Users page to enable search from various sections that are available in the Filter side navigation bar. For more information, see Finding and Filtering Users.
• Buy More Licenses and Upgrade Now buttons are retired: The Buy More Licenses and Upgrade Now buttons are removed from the Account side navigation bar and the Upgrade Options page of the Ivanti Neurons for MDM administrative portal as follows:
  • Account > Buy More Licenses (button)
  • Account > License Info > Upgrade Now (button)
  • Account > License Info > Buy More Licenses (link)
• Install application only at registration: You can now install an application during device registration to help users with required on-boarding applications. If a user deletes an application from the device, the server does not push the application again. This is applicable for iOS, Android, and macOS (not applicable for macOS public apps). For more information, see App Configuration.
• New asynchronous process for the Send Install/Update Request command for iOS apps: When you use the Send Install/Update Request command, the administrative portal displays a message that the:
  • process will continue to run in the background
  • process is complete
  • status whether the process is successful or if there are any errors
• Set the frequency of application notifications: Native app catalog receives notifications when the application updates are available in [email protected] The administrator can configure end-user notifications for new application updates that are available in App Catalog and set the frequency as follows:
  • Once a day
  • Once a week

  For more information, see Catalog Settings.

• Native AppCatalog branding is enabled: Branding features are supported for the integrated native App Catalog.
• Optimize Export to CSV for Users (UI updates): The user details can be exported using the Export to CSV option from the Users page. After the download is complete, the user will be prompted with an option to either Download or Delete the report. For more information, see Exporting Users.
• Optimize Export to CSV for Devices by Device group based on Device count (UI updates): The Device details can be exported using the Export to CSV option from the Devices page. After the download is complete, the user will be prompted with an option to either Download or Delete the report. For more information, see Device Groups.
• Optimize Export to CSV for Devices by Device group (UI updates): The Device details can be exported using the Export to CSV option from the Devices page. After the download is complete, the user will be prompted with an option to either Download or Delete the report. For more information, see Device Groups.
• Support to enable all AE modes along with missing rules in the Spaces rule builder: The 29 partition rules which were not available in the space rule builder are added now. The list includes all the rules which were present in the device group rule builder but missing in the space rule builder. In addition to the missing AE mode rules, other missing partition rules that were present in device groups are added to the space rule builder. For more information, see Managing Spaces.

Android features

• Device battery status: The device battery information like the Battery Level, Health Status, Charging Status, Health Percentage, Manufacture Date, and Charging Cycles is now available on the Device details page. For more information, see Getting started with Devices.
• Simplified Re-registration process on Android devices: The administrator does not have to clear the existing entry when the device tries to re-register in any mode on the same tenant. For more information, see Device Registration (iOS, macOS, and Android).
• Support for variable substitution: The administrator can now provide substitute variables in the managed app configuration for all the apps in AMAPI (Android Management API) dependent modes. For more information, see Managed Configurations for Android.
• Push device settings and restrict configuration fields: The administrator can now push the device settings or settings with values to devices in the managed app configuration. Also, the administrator can set some restrictions when managing apps to control which fields to be sent to the devices. For more information, see Managed Configurations for Android.

iOS, macOS, and tvOS features

• Support for Python and Swift script types and custom variables: The All Scripts page now supports Python and Swift script types and custom variables. These new scripting languages will be supported only on devices that contain client version 85 or higher. For more information, see All Scripts.
• Updated Client Registered device status indication: Previously, for Mac devices, the Client Registered status field in the Device Overview tab was not set correctly. Starting from the current release, if a Mac device has the [email protected] for macOS client registered, the Client Registered status indicates Yes.
• iOS VPP applications can be installed on M1 Mac devices: You can now install iOS VPP app on M1 Mac devices as managed application and the following operations are supported:
  • In the Install app configuration settings select the Install as managed app option
  • Select or deselect one or more of the following options from the Apple Management Settings:
  • Prevent backup to iCloud and iTunes
  • Remove apps on un-enrollment
  • Add an Apple Managed App Configuration

  For more information, see App Configuration.

• The Allow Mail Privacy Protection restriction is added to the iOS Restrictions Configuration: The Allow Mail Privacy Protection restriction is added to the iOS Restrictions Configuration. This option helps protect your privacy by preventing senders from learning about your email activities. When the Allow Mail Privacy Protection configuration is installed and enabled from the Ivanti Neurons for MDM administrative portal, the Protect Mail Activity toggle is enabled on the device and the following options are visible:
  • Hide IP Address - The email sender cannot link the email to your online activity or determine your location
  • Block All Remote Content - Prevents the email sender from seeing your email activities

  For more information, see iOS Restrictions.

• The Allow Apple TV's automatic screen saver restriction is added to the Create iOS Restrictions Configuration: The Allow Apple TV's automatic screen saver restriction is added to the Create iOS Restrictions configuration. For more information, see iOS Restrictions.

• Screen Saver configuration is added for macOS devices: The Screen Saver configuration is added to the list of existing configurations for macOS devices. This configuration is supported for macOS 10.11 and higher versions. For more information, see Create Screen Saver Configuration.

• New settings are added to firewall configurations: The following new options are added to the Mac device firewall configuration:

  Applicable to: macOS 12.3+

  • Allow built-in software to receive incoming connections - If true, allows built-in software to receive incoming connections.
  • Allow downloaded signed software to receive incoming connections - If true, allows downloaded signed software to receive incoming connections.

  Applicable to: macOS 12.0+

  • Enable logging - If true, enables logging
  • Specify the type of logging
    • Throttle
    • Brief
    • Detail

  For more information, see macOS Firewall.

• Sorting applied on Apple Device Enrollment account and profiles pages: The Apple Device Enrollment Account list and the Device Enrollment Profile page allow sorting. Sorting is applicable in the following columns :

  The sorting does not persist when you navigate away from the page.

  Profiles page:

  • Profile name
  • Description
  • Department
  • Support Phone number

  Accounts page:

  • Name
  • Apple Account Name
  • Last Sync
  • Token Expires

  For more information, see Apple Device Enrollment.

Windows features

• Windows Updates page enhancements: The Windows Updates page has new columns that provide additional information about the updates distributed to different devices. The Windows Updates page will now provide the number of devices that are eligible to install updates, failed updates, etc. For more information, see Windows 10 Update Management.
• Support for ARM on Windows devices: Ivanti Neurons for MDM now supports Windows ARM-based devices.
• View devices by build version on Windows devices: The administrator can create Charts using Widgets to filter out the Windows devices based on the build versions. These charts allow admins to see devices by their Windows OS Update build version, providing a global view of the patches applied. The administrator can even filter out the devices based on the OS build version. Users can click on the Number of devices link to view a filtered list of the devices on any particular OS build version. The filtered list helps the administrator to verify if the updates and patches have been applied to Windows devices on a particular build version or not. If the patches and updates are not installed correctly, the administrator can troubleshoot to resolve the issues. For more information, see Dashboard.
• App dependencies on Windows devices: The administrator can set dependencies for certain apps on Windows devices now.

Case 1: The Bridge app is a prerequisite app which is not distributed, and the main app is an exe which is distributed silently. When the dependency is removed, the Bridge app will be uninstalled, but the exe fails after this step. The administrator should make sure that the Bridge app is not undistributed by default.

Case 2. Prerequisite app is undistributed, and a main app is distributed normally (not in Silent mode). In case the prerequisite app successfully installs, but main app fails to install, then immediately the prerequisite app fails retry of failed main app only when the user triggers as install request.

For more information, see Deploying app dependencies.

General features and enhancements

• Access app details from the App Inventory: Administrators can click an application link from Devices >App Inventory to navigate to the corresponding application details page in the App Catalog. For more information, see App Inventory.
• Persistent App Inventory search results: Clicking the browser back button from the Devices page arrived at after having clicked the device number link in App Inventory search results invokes the App Inventory page with original search results loaded.
• One-click view from the App details page of all versions and inventory details of a specific app: An administrator can click the View App Inventory (all versions) link from Apps > App Catalog >selected app to view in Devices > App Inventory a filtered list by bundle ID of that app. For more information, see Viewing app inventory information from app details page.
• Search app inventory by bundle/package ID: Administrators can search Devices > App Inventory by name or bundle/package ID. For more information, see App Inventory.
• Device registrants can specify device ownership during enrollments involving an idP (Identity Provider) flow: When Ivanti Neurons for MDM captures device ownership information during enrollments involving identity providers, administrators can avoid having to manually assign device ownership after enrollments.
• Display of workflow images in User Provisioning Azure AD page: The User Provisioning Azure AD page in the Ivanti Neurons for MDM administrative portal displays the workflow stages of users and user group migration from Azure AD to Ivanti Neurons for MDM. For more information, see Azure Active Directory User Provisioning
• Import YAML file to create and edit configuration: Ivanti Neurons for MDM administrators can use a YAML file to create or edit a configuration from the Configurations page. For more information, see Working with Configurations.
• Support for pushing configurations to devices specific to spaces: Configurations can be pushed to devices specific to spaces and the devices in other spaces remain unaffected. The configurations can be pushed to either a single space or multiple spaces or all spaces at a time. For more information, see Working with Configurations.
• Pagination is implemented to display long list of users: When you search for users in LDAP > Manage Users page and if there is a long list of users, the Ivanti Neurons for MDM user interface does not display all the users. This issue is now fixed. At a time 15 users are visible and as you scroll the next 15 users are displayed.
• Improved certificate retrieval from connector: When Ivanti Neurons for MDM requests the connector to generate an external certificate, and if the connector is not reachable, Ivanti Neurons for MDM waits at the following intervals. During the wait interval, Ivanti Neurons for MDM does not process any new certificate generation requests for the configurations that are linked to specific Dynamically Generated Identity Certificate (IDDG). However, if a certificate generation is successful after any level of wait time, then the current wait time at any level is cleared and all the subsequent requests are processed. The wait time is set to level 1 at the subsequent failure.
  • level 1=5
  • level 2=50
  • level 3=500
• Updated message in the Enrollment and the Remediation pages for Android devices: The Enrollment and Remediation pages display an updated message on Android devices in any of the following conditions:
• If an Android device is not enrolled in Azure Active Directory (AAD) and you launch any of the Office 365 applications, the default Ivanti Neurons for MDM Enrollment page displays a message.
• If the enrolled Android device is out of compliance and you access any of the Office 365 applications, the default Ivanti Neurons for MDM Remediation page displays a message.
• Bulk action supported in Configurations: Ivanti Neurons for MDM offers the following bulk action for Configurations:
  • Push - You can select multiple configurations from the Configurations page and push them to multiple devices at once.
  • Delete - You can select and delete multiple configurations at once.

    The configurations that are disabled can be deleted. However, configurations cannot be deleted if any of the following conditions exist:

    • The configuration is required for proper system function.
    • Deletion of the configuration retires devices.
    • The configuration is used in other configurations.
    • The configuration is linked to a Sentry profile.
    • The configuration is used in the application configuration.

    For more information, see Working with Configurations.

• Support for branded and core migrated clients: The native app catalog is an alternative to the [email protected] webclip. The native app catalog feature makes it possible for end users to see the app catalog information inside the Go client iOS app. Customers using the following clients can use [email protected] Webclip:
  • Migrated (branded)
  • AtWork
    For more information, see [email protected] (iOS, Android, Windows, and macOS) and iOS [email protected] AppStore Features.

• Restrictions on admin user roles and permissions visibility: The Spaces selected for Devices, Device Groups, Apps, App Inventory, Content, Configurations, Policies, and Certificate Management modules is visible to the user only if the user has the required permissions. For more information, see Managing Spaces.
• Self-Service Portal UI changes: The font type of the Self-Service Portal is updated from Helvetica Neue to Inter.
• Rename iOS SCEP to Apple SCEP: The iOS SCEP has been renamed to Apple SCEP because it is supported for macOS as well. For more information, see Identity Certificate.
• Export Custom Attributes from Device page: The Custom Device Attributes with their values can be exported to .CSV format from the Device Details page. For more information, see Assigning Custom Attributes to Devices.
• Export Custom Attributes from Users page: The Custom Device Attributes with their values can be exported to .CSV format from the Users page. For more information, see Exporting Users.
• Optimized Export to CSV for App Inventory: The App inventory export is now asynchronous, allowing use of the user interface during the export. The App Inventory details can be exported using the Export to CSV option from the Devices page. After download is complete, the user will be prompted with an option to either Download or Delete the report. For more information, see Exporting an App Inventory.

Android features

• Android Enterprise Managed Google Accounts binding: Users must bind the Ivanti Neurons for MDM with a Managed Google Enterprise account using the recommended client id. For more information, see Admin - Android Enterprise.

• File Transfer Configuration: A new configuration File Transfer is available on the App Catalog for Android devices. This configuration can be used to transfer files to the device and these files can be shared from MobileIron Go to other apps on the same device. For more information, see Android File Transfer Configuration.

• Improved app feedback mechanism: The app feedback report on Device details and App details page provides detailed information and provides placement of reported settings (in the Managed app config of the app) based on the feedback received from apps. For more information, see Synchronizing and fetching app feedback.
• Support for 5G network slicing on Android devices: On Android 12 devices with a Work Profile on Company Owned node, the admin has an option to provide 5G network slicing. For more information, see Lockdown and Kiosk: Android Enterprise.

iOS, macOS, and tvOS features

• Associated Domains configuration for macOS is added: The Associated Domains configuration is a dictionary that maps apps to their associated domains. Associated domains can be used with features such as Extensible AppSSO, universal links, and Password AutoFill. For more information, see Configuration Types .
• Update OS Version device action allows administrators to update iOS devices to a specific OS version: The Device > Actions menu option-Schedule iOS Update is now renamed to Update OS Version for Supervised iOS devices. The system lets you update to any applicable specific OS version. For more information, see Schedule iOS Update.
• Support for software update for non-Dep supervised macOS devices: Ivanti Neurons for MDM now supports software update for non-Dep supervised macOS devices that are registered through iReg or Client. For more information, see Software Updates.
• Support for $userRealm custom attribute: A new custom attribute $userRealm is now added to the Ivanti Neurons for MDM administrative portal. This attribute supports AAD users. Custom attribute support is enabled for the Kerberos realm name in all SSO configurations. The Kerberos principal name field is renamed as User name in all the SSO related configuration fields. For more information, see Single Sign-On Configuration.
• Audit Trail logs application icon change activity: Audit trail now saves logs of application icon change for iOS and macOS devices. After an application icon is changed, you can track the following details:
  • Activity: Upload Icon
  • Status
  • Performed By
  • Performed At
  • Performed On
  • Details
  • Before and After icon images

  For more information, see Working with Widgets.

• Updated macOS Restrictions Configuration: The following restrictions are added to the macOS Restrictions Configuration:
• Enforced Fingerprint Timeout: You can specify the duration of Forced Fingerprint time-out for supervised registered macOS devices from the macOS Restrictions Configuration page. After the time-out duration is completed, the user is prompted to log in using the device password. The default Touch ID Timeout duration is 48 hours. The device provides you with the option to login using the Touch ID or the password.
• allowCloudPrivateRelay: If you set the Private Relay ON in a macOS device, the network traffic is encrypted so that the internet activity is private and secure. This restriction requires a supervised device.

For more information, see macOS Restrictions.

• Updated iOS Restrictions Configuration: The following restrictions are added in the macOS Restrictions Configuration:
  • Force authentication before autofill: The device owner must authenticate before passwords or credit card information can be auto-filled in the Safari browser and in applications. Only supported for devices that have Touch ID or Face ID enabled. This restriction requires a supervised device.

For more information, see iOS Restrictions.

Windows features

• Windows Device Management for Autopilot feature: Windows Autopilot feature must be configured from the Windows Device Management section instead of the AAD User Source section. For more information, see Configuring Windows Autopilot Profiles.
• Bridge Last Check-in details: The Bridge Last Check-in details can now be viewed on the Device details page. For more information, see Bridge.
• Ivanti Neurons Agent app availability on App Catalog: The Ivanti Neurons Agent app is available on the App Catalog now. The admin can add and deploy the Neurons Agent app as an in-house app through Ivanti Neurons for MDM on Windows devices.

General features and enhancements

• The following UI enhancements are made in Ivanti Neurons for MDM release 83:
• Font: The font type in the Ivanti Neurons for MDM 83 administrative portal is changed from Helvetica Neue to Inter.
• Buttons: The look and feel of all the buttons in Ivanti Neurons for MDM have been updated.
• License information: Starting from Ivanti Neurons for MDM release 83, the account details section in Ivanti Neurons for MDM displays the license details as follows:

  Subscription type	Billing type	Device license count
  Recurring	MRC	x Devices/ User license used
  Term	non-MRC	x of y Devices/ User license used

• Duplicate display of count in the Configurations page: The count in the Install, Pending, Available, Error columns, and the number of apps in the Dashboard > Apps page display duplicates for the first 15 days after Ivanti Neurons for MDM is upgraded to 83. The count shows consistent values after 15 days of the upgrade.
• Quick search field in the Windows 10 Update Management page: The Admin > Windows 10 Update Management page now contains a quick search for the Knowledge base ID field. For more information, see Windows 10 Update Management

  The Go button is now removed

• Inactivity timeout limit: You can configure the Inactivity Timeout range of the Ivanti Neurons for MDM administrative portal up to 60 minutes. For more information, see User Settings.
• Support for PIN authentication and bypass identity provider: During device registration, the administrator can bypass the identity provider option and provide the user with the option to authenticate using a PIN instead of authentication using the identity provider page. For more information, see User Settings.
• Password field introduced in iOS MDM Configuration page to enable profile deletion: A new password field is added in the iOS MDM Configuration page and the password can be used to delete a profile from the device. If you set a password in the Ivanti Neurons for MDM administrative console and if a user tries to delete the user profile from the device, the user receives a prompt to enter the password required to delete the profile. For more information see Configuring an iOS MDM Profile.
• Session timeout redirects to identity provider login screen: When the session times out in Ivanti Neurons for MDM, users are redirected to the identity provider login screen.

  Note: Ensure that the Disable Force Authentication check box is cleared in Okta.

• Notification page displays status of application upload: Starting from Ivanti Neurons for MDM release 83, when you add the following types of applications in App Catalog, a notification is generated in the Dashboard > Notification page. The notification also contains a link that redirects you to the application in the App Catalog.
  • public application
  • in-house application
  • new version of an in-house application
• Azure AD User Provisioning: Starting from Ivanti Neurons for MDM release 83, Azure Active Directory (AAD) User Provisioning replaces AAD User Source. Azure Active Directory User Provisioning uses the SCIM protocol to synchronize Azure Active Directory with Ivanti Neurons for MDM and allows for partial user and group sync. For more information, see Azure Active Directory User Provisioning.

Feature disabled June 16, 2022: Ivanti is investigating an issue with this feature and has disabled it. Ivanti will share a link to a related Knowledge Base (KB) article shortly to the Ivanti Community portal.

• Quick search field is added to Classes and Individuals tabs in Apple School Manager: The quick search field lets you search for the details related to Classes or Individuals.
• Use the quick search to search the following from the Classes tab:
• Class ID
• Course Name
• Instructor
• Location
• Room
• Use the quick search to search for the following from the Individuals tab:
  • Person ID
  • First Name
  • Last Name
  • Apple ID

For more information, see School Manager.

• Application dependencies are now available for iOS and Android applications: Administrators can now configure prerequisite applications for iOS and Android applications.

  Prerequisite apps are not supported for Device Admin (DA) mode and AOSP mode android devices.

  For more information, see Deploying app dependencies.

Android features

• Device Name Settings on Android devices: When the admin generates the Device Details report, the actual device name is shown rather than the device model or manufacturer's name. In case the user changes the device name, the new name will be shown the next time the report is generated. For more information, see Device Name Settings.
• Allow USB for Charging Only option: Company-Owned Android devices have a new option Enable USB for charging only that allows the USB port for charging only. This option is available in Work Managed Device (DO) and Managed Device with Work Profile on Company Owned Device (EPO) modes. For more information, see Lockdown and Kiosk: Android Enterprise.
• Support for 5G network slicing on Android devices: On Android 12 devices with a work profile, the admin has an option to provide 5G network slicing. For more information, see Lockdown and Kiosk: Android Enterprise.
• Support to clone App Configuration Settings on Android devices: The admin can clone the App Configuration Settings so that the same settings can be applied on different Android devices. For more information, see App Configuration.

iOS, macOS, and tvOS features

• Auto-register Go device users using QR code or link: As a convenience, instead of iOS device users manually entering registration credentials, you can set up an infrastructure to use a QR Code to automatically enter the registration credentials for the device user. You can now register your iOS devices by scanning the QR code from the Go 83 client application onwards. Users can generate the QR code from the end user portal. This capability is supported for iOS 14 and higher versions. For more information, see Device Registration (iOS, macOS, and Android). 
• [email protected] available from Go for iOS: Starting from Ivanti Neurons for MDM release 83, you can transition to [email protected] native experience from Go application. The [email protected] native appstore is deployed automatically with the Go app client. For newly created tenants no action is required from the administrator. The [email protected] tab is displayed on the Go app client task bar and end users can view and install their company approved apps from [email protected] For newly created tenants the administrator can distribute the [email protected] Webclip configuration to iOS and macOS devices. For more information, see [email protected] (iOS, Android, Windows, and macOS).
• Configure the Setup Assistant for iOS and macOS: The Configuration Setup Assistant lets you select the setup screens that you want to skip during device setup. For more information, see Configuring the Setup Assistant.

Windows features

• Provisioning Package Enrollment with PIN for devices managed by Ivanti Endpoint Manager and Microsoft Configuration Manager: The admin can enroll the devices managed by SCCM and Ivanti Endpoint Manager in the Ivanti Neurons for MDM. This feature bypasses the manual enrollment for the devices by the end users. The admin can use this enrollment system to manage their enterprise devices in the Ivanti Neurons for MDM. For more information, see Provisioning Package Enrollment with PIN.
• Audit Trails on Autopilot Profiles: The Audit Trails option is now available for the Windows devices enrolled in the Autopilot mode. For more information, see Audit Trails on Windows Autopilot Profiles.
• Recover Service Failure using the new version of Bridge 2.1.14: The new version of Bridge 2.1.14 gets imported into the App Catalog for all the users. This new version includes a support for the Bridge Service Failure Recovery option as well. In some rare cases, the Bridge Service may fail without any known reason. Support for this service is available in Bridge 2.1.14 and later versions. For more information, see Bridge.

General features and enhancements

• Display error count in the Configurations page: The Configurations page now has the option to display the Error column to indicate the number of configurations that are in error state on the devices. Also, a description of the metric is provided for each column when you mouse over the icon adjacent to the column name.
• Ivanti Neurons for MDM SAML session timeout duration to honor IdP default timeout: The identity provider (IdP) now successfully authenticates users during a valid IdP session, even if the Ivanti Neurons for MDM session has timed out.
• Application dependencies listed in Audit Trail for macOS applications: The Audit Trail page now displays the supported prerequisite applications in specific fields as follows:
  • appVersionId
  • name
  • platformAppId

  The prerequisite applications that are auto-delegated or undelegated containing the following fields are displayed:

  • dmPartitionDistributionType
  • dmPartitionDistributionReason

For more information, see Deploying app dependencies.

• Unique details to help differentiate between duplicate LDAP and AAD user groups: GUID, DN, and source details are displayed under duplicate LDAP and AAD user groups to help the administrator differentiate between the groups during distributions. This is implemented in the following pages and is visible when duplicate groups are present:
  • User > User Settings > Device Registration Setting (+ Add setting for specific user groups) > enter a user group name
  • User > User Settings > User Invite Reminder Setting (+ Add setting for specific user groups) > enter a user group name and Frequency
  • Apps > App Catalog > App Details > Distribution > Edit > User Groups
  • Configurations > +Add > Privacy > enter a user name > click: Next > Custom > User Groups
  • Apps > App Catalog > App Details > App Configurations > + > Custom > User Groups
  • Content > Hosted Content > Add > Distribution step
• Display status message of Install/Update requests: Sending install or update commands for VPP applications are supported. Also, the following updated status messages are displayed when you send install or update commands from the Ivanti Neurons for MDM administrative portal:
  • Failure:
  • The distribution of the app has failed for some devices due to:
    • xx more VPP licenses are needed - appears if all devices are eligible.
    • xx License User Agreement(s) not accepted by End User - appears if any license user agreements are not accepted
    • xx devices are not eligible for this app
  • Success:
  • Install/ Update request has been sent successfully to xx devices.
• Bulk action supported in Configurations: Ivanti Neurons for MDM offers the following bulk action for Configurations:
  • Delete - You can select and delete multiple configurations at once.

    The configurations that are disabled can be deleted. However, configurations cannot be deleted if any of the following conditions exist:

    • The configuration is required for proper system function.
    • Deletion of the configuration retires devices.
    • The configuration is used in other configurations.
    • The configuration is linked to a Sentry profile.
    • The configuration is used in the application configuration.

    For more information, see Working with Configurations.

• App dashboard shows app count on devices that are checked-in the last 15 days: In Ivanti Neurons for MDM, app dashboard now shows app count on devices that are checked-in the last 15 days. Previously, this was set to 24 hours. For more information, see App Insights.

Android features

• Support for new scope delegation using EMM API: The admin can assign some Delegated Permissions using EMM API. For more information, see App Catalog.
• Support for new scope delegation using AMAPI: The admin can assign some Delegated Permissions using AMAPI. For more information, see Android Management API.
• Support to configure high-priority app updates on AMAPI devices: The admin can configure high-priority app updates on AMAPI-enrolled devices in the COSU or other future modes. For more information, see App Configuration.
• Recommendation to use a 6-10 digit PIN to exit the Kiosk Mode from the device: Admins are recommended to use a 6-10 digit PIN to exit the Kiosk Mode from the device. This PIN is applied to all the devices in Kiosk Mode. For more information, see Lockdown and Kiosk: Android Enterprise.
• Support for new scope delegation using EMM and AMAPI - User Interface updates: New options, Manage Network Log Collection and Manage Certificate Selection added to the Delegated Permissions section. The admin can apply these options on some apps to receive network logs and select certificates.
• Passcode and Lock Screen Configuration settings: For devices on Android v12.0+, the admin can set Passcode complexity to None, Low, Medium, or High. On Android v12.0+ devices using Work Profile and Work Profile on Company-Owned modes, the Passcode complexity is supported, and Passcode Quality is deprecated for Device Passcodes. The existing Passcode Quality configuration will be automatically converted to Passcode complexity for Device Passcode. For more information, see Advanced Android Passcode and Lock Screen.
• Support to share recently logged-in usernames for Android Shared Kiosk devices: The last seven user names remain available with the Go client when a user logs in and logs out from Android Shared Kiosk devices. For more information, see Setting Up Kiosk Mode for Android and Lockdown & Kiosk: Android Enterprise.
• IDP Authentication for the Android Shared Kiosk devices: The IDP or passive authentication is supported in Android Shared Kiosk devices now. For more information, see Setting Up Kiosk Mode for Android.
• Added support for permitted inputs in the EPO mode: The Restrict Input Methods option is supported only on Android 10 and 12+ devices, not on Android 11 devices. For more information, see Lockdown and Kiosk: Android Enterprise.

iOS, macOS, and tvOS features

Windows features

• Provisioning Package Enrollment with PIN: Ivanti Neurons for MDM now allows the administrators to enroll Windows desktop devices managed by SCCM. This feature bypasses the manual enrollment of the devices by the end-users. This enrollment system can be used by the administrators who manages their enterprise user devices with LDAP users and wants to migrate seamlessly to Ivanti Neurons for MDM from SCCM. The admins can generate enrollment PINs for the end-user profiles imported from the LDAP and bundle the PINs within a and further use the package for enrollment on Ivanti Neurons for MDM. For more information, see Provisioning Package Enrollment with PIN.
• Users can edit and delete Autopilot devices: Users have the option to edit and delete the Autopilot devices from the Ivanti Neurons for MDM administrative portal. For more information, see Configuring Windows Autopilot Profiles
• Microsoft Edge configuration support: Ivanti Neurons for MDM now supports Microsoft Edge configuration in the Browser settings configuration for Windows. Microsoft Edge browser will eventually replace Microsoft Internet Explorer in Windows 11. For more information, see Browser Settings.

General features and enhancements

• Create on-premise certificate authority: Ivanti Neurons for MDM supports the creation of an on-premise non-SCEP certificate authority.

  Ensure that the connector is registered to the tenant.

  For more information see Certificate configuration.

• T3 instance support: The Ivanti Neurons for MDM Connector 81 now supports T3 EC2 instances.

• Delegation is enabled for dynamically generated identity certificate configurations distributed to All Devices and Custom distribution options: Global administrators can delegate space administrators to edit the Dynamically Generated Identity Certificate for All Devices and for the Custom distribution option. For more information, see Working with Configurations and Identity Certificate.

  The distribution changes are applicable only to the specific space. All other spaces continue to inherit the default space distribution settings.

• Duplicate user group names available under the rule builder: The Ivanti Neurons for MDM Administrator portal now displays the number of duplicate user groups and the corresponding number of GUIDs to identify duplicate groups, when the User Group Name attribute is selected in the rule builder. Also, a table under this rule displays the list of the duplicate user groups and their details such as User Group Name, GUID, Source, and distinguished name (DN). This is implemented in the following rule builders:

  • Users > User Groups > +Add
  • Users > Advanced Search
  • Devices > Device Groups > Add
  • Devices > Advanced Search
  • Admin > Spaces > Add
  • Policies > Custom Policy > Add

• Filter device groups by IP address: You can now create device groups by their IP addresses. IP address is now listed as one of the filters in Device Groups. The field also indicates if the specified IP address is invalid. For more information, see Device Groups.
• Schedule Mobile Iron Packager (MIP) for macOS application updates: Ivanti Neurons for MDM supports scheduled updates of .MIP files. The administrator can schedule application updates based on the server time zone. By default the scheduling of applications is disabled. The application upgrades only when the device checks in within the scheduled time. For more information, see Working with Configurations.
• Bulk export action supported in Configurations: Ivanti Neurons for MDM offers the bulk export action for Configurations. In previous releases, you could export all configurations or just one configuration at once. Now, you can select and export specific configurations. For more information, see Working with Configurations.
• Redirect users to the Go page from the Enrollment and the Remediation pages:
  • If an iOS device is not enrolled in Azure Active Directory (AAD) and you launch any of the Office 365 applications, the default Ivanti Neurons for MDM Enrollment page displays the Install MobileIron Go button that directs you to the Go app store page.
  • If the enrolled device is out of compliance and you access any of the Office 365 applications, the default Ivanti Neurons for MDM Remediation page displays the Open MobileIron Go button which launches the Go application.

• Quick search from the Roles Management page: The Roles Management page now lets you perform a quick search. You can search for partial words, multiple words, special characters, perform a role-specific search, and search for custom roles.

  The quick search function is only applicable to the items that are listed in the Name and Description columns.

Android features

• Support for Wi-Fi configuration: The Wi-Fi configuration is supported for Android Enterprise Dedicated COSU (single app) mode. For more information, see Wi-Fi Configuration.
• Wi-Fi configuration - user interface updates: New icons are added to indicate the support level for different EAP types and other features during Wi-Fi configuration.
• Granularity for Android devices with Lock Task Mode (LTM): When the LTM option is selected, the Settings option will be enabled for Kiosk settings as well as other apps in Kiosk mode. For more information, see Lockdown and Kiosk: Android Enterprise.
• Support for Passcode complexity on Android 12+ devices: For Device Passcode on Android 12+ devices, the Passcode complexity has higher priority than the Passcode Quality. When the Passcode complexity option is set, the Passcode Quality setting will not be considered. The admin can set Passcode complexity to None, Low, Medium, or High. On Android 12.0+ devices using Work Profile and Work Profile on Company-Owned modes, the Passcode complexity is supported and Password Quality is deprecated for Device Passcodes. The existing Passcode Quality configuration will be automatically converted to Passcode complexity for Device Passcode. For more information, see Advanced Android Passcode and Lock Screen.
• Unique enrollment-specific ID support in Android 12+ devices: Supports a unique ID guaranteed to be the same value for the same device, enrolled into the same organization by the same managing app. It remains stable across factory resets or new profile installations. This is available for new installs and post-upgrade to Android 12. Supported modes are Work Profile, Work Profile on Company Owned Device, and Work Managed Device. This new field is also available for viewing in the device details page.

iOS, macOS, and tvOS features

• Enable or disable the display of personal recovery key in macOS: Ivanti Neurons for MDM now allows the administrators to enable or disable the display of the personal recovery key after FileVault 2 is enabled. For more information, see FileVault 2.
• User list enhancement in Shared iPad: The Users tab in the Devices page is now enhanced and shows the managed apple id as a hyperlink, clicking which redirects to user account details page in Shared iPad. For more information, see Displaying detailed device information in Getting started with Devices.
• User list with last check-in time available in Ivanti Neurons for MDM user interface: For mac and shared iPad devices, Ivanti Neurons for MDM now lists all user information and their last check-in time in the Admin tab of Ivanti Neurons for MDM user interface. In Shared iPad, when ListUsers command is enabled, all managed user ids along with their check-in time are displayed. In macOS devices, when ListUsers command is enabled, all local users on the device are listed and only the last check-in details of the user who registered the device is listed. For more information, see Shared iPad for business (iPad devices) and Admin > Apple > Device Enrollment (macOS devices).
• New skip key added in Device Enrollment Profile: New skip key SkipUnlockWithWatch added to Ivanti Neurons for MDM Device Enrollment Profile for macOS 12. Administrators can now enable skip to unlock with watch. For more information, see Admin > Apple > Device Enrollment.
• Removable system extension added to macOS: In macOS 12 , Removable system extension configuration is added to allow applications to deactivate their system extensions without administrator approval. This configuration is useful during un-installations of apps and mainly used in deployments where the mac has no admin user. For more information, see macOS System Extension configuration.

• Per-App VPN added to configurations: In iOS 14+, administrators can add a Per-App VPN configuration for network communication within the following configurations:

  • Google Account configuration

  • Exchange configuration

  • LDAP configuration

  For more information, see Google Configuration, Exchange Configuration and LDAP Configuration.

• Prioritization of MIP apps installation during user onboarding: Ivanti Neurons for MDM administrators now have the option to set the priority of installation of MIP apps during user onboarding in mac devices. Applications that are only set to priority “High“ are installed during user onboarding. Administrators can set the priority of the application as one of the following within app configuration view:
  • High
  • Medium
  • Low

  For more information, see Adding an app from a public store and Adding an in-house app in App Catalog.

• Managed App support for User Enrolled devices: In macOS 12, Managed App support is added to user enrolled devices. Administrator can select the "Install as Managed" option in the app configuration to install the app as a managed app. For more information, see App Configuration.
• Update the OS to a specific version for macOS: Ivanti Neurons for MDM now allows the administrators to add a specific version of macOS for updating the devices enrolled on Ivanti Neurons for MDM. For more information, see Software Updates.
• Select Install Action type for to macOS and iOS: Support to select an action for pending installation is also extended to iOS and tvOS. Administrators now have the option to select one of the actions for the pending iOS or tvOS installation as below:
  • Default
  • Download Only
  • Install ASAP

  The administrators also have the option to select one of the actions for the pending macOS installation as below:

  • Default
  • Notify Only
  • Install Later
  • Install Force Start
  • Download Only
  • Install ASAP

  For more information, see Software Updates.

• Device lock command support extended to mac devices running on Apple silicon: On Apple M1 chipset devices running on macOS 11.5+, Administrators can now set a six-digit pin to unlock the device. Once the pin is entered, users can login to the device.
• Lock screen message field and Phone number field added to macOS device lock option: Ivanti Neurons for MDM now has the optional lock screen message field and phone number field added to macOS 11.5+ device lock menu on the device details page. For more information, see Locking a Device.
• Set recovery lock to enter macOS recovery: Ivanti Neurons for MDM now allows administrators to set the recovery lock to enter recovery mode on macOS devices running on Apple silicon. The status of the recovery lock of a device is visible from Devices > Overview > Recovery Lock. This information is also visible from Device Groups tab and Advance Search field under Devices tab. For more information, see Displaying detailed device information in Getting started with Devices, Adding a device group in Device Groups and Setting or changing recovery lock.
• Hungarian and Swedish language support for registration and privacy page: The registration and privacy page of iReg registration now supports Hungarian and Swedish language.
• Remote restart and shutdown feature now extended to macOS: Ivanti Neurons for MDM now supports remote restart and shutdown for macOS 10.13+ devices. For more information, see Restarting or shutting down devices.
• Software update recommendation cadence configuration added to iOS: In iOS or ipadOS 14.5+, software update recommendation cadence configuration gives administrators an option to allow users to view and update the devices to the highest-numbered (most recent) release or lower-numbered (oldest) release. For example, administrators now have the option to update the device to the next major release of iOS 15 or update the newer minor release of iOS 14.8.x. For more information, see Software update recommendation cadence configuration.

Windows features

• Create Autopilot Profiles: Administrators can create Autopilot Profiles on Windows devices. To manage the Windows Autopilot Profiles, the User Source must be configured in the AAD. For more information, see Configuring Windows Autopilot Profiles.
• Enroll Autopilot Profiles in Self-Deploying mode: The Autopilot Profiles can now be enrolled under the following modes:
  • Self-Deploying mode.
  • User-Driven (Pre-provisioning mode)

  For more information, see Configuring Windows Autopilot Profiles.

• Automatically push specific configurations to devices during enrollment: When a device is enrolled into the Ivanti Neurons for MDM administrator portal, the following configurations are pushed automatically before the user logs in to the device:
  • Identity Certificate
  • Wi-Fi
  • Windows Hello For Business
  • Windows Restrictions

The rest of the configurations are in Pending state and are pushed after the user logs in to the device using an email address.

• Device enrollment for HoloLens 2 devices in Autopilot mode: In some rare cases, HoloLens 2 device with Autopilot Self-deploying enrollment mode gets stuck on the Setting up your device for work screen. The user must power off and on the device to continue with the enrollment process. For more information, see Configuring Windows Autopilot Profiles.
• TenantLockdown CSP for Windows devices: The Windows devices enrolled using Autopilot can be locked to tenants using the TenantLockdown CSP feature. This is useful when the devices are stolen or lost. For more information, see TenantLockdown CSP.
• Configuration of the Teams Chat icon on the taskbar: For Windows 11 Enterprise edition, you can control the behavior of the Teams chat icon on the taskbar. See Windows Restrictions for complete information.
• Include Trusted Platform Module (TPM) version and memory information in reports: Administrators can create reports that include TPM version and memory information for devices. See Using Scheduled Reports and Using Custom Reports.

General features and enhancements

• Downloading device reports:Administrators can download device reports using the Export to CSV option. After the report is ready, the Ivanti Neurons for MDM prompts to download or delete the report, and sends an email with the download link. When a report download is in progress from the Ivanti Neurons for MDM administrator portal in one browser window, you have the ability to download reports from another browser window.
• Schedule or force check-in devices: Devices can check-in to the Ivanti Neurons for MDM portal according to the schedule, or the administrator can check it in using the Force check-in Device Action option from the Actions menu drop-down list. The Audit Trails page audits and lists the device check-in status as follows:

  If a device checks-in as per schedule the following audit status appears:

  • Check-in Device Action Performed

  If the administrator uses the Force Check-in option, the following audit statuses appear:

  • Force Check-in Device Action Performed
  • Check-in Device Action Performed

  If the Device Check-in Trails option is turned ON, the Audit Trails page audits device check-in and displays the list of all the actions that were performed on the devices. However, if the Device Check-in Trails option is turned OFF and the administrator performs a force check-in of a device, then the Audit Trails page displays just the Force Check-in Device Action Performed status.

  For more information, see Working with Widgets and User Roles.
• Change of color in the left navigation panel of the Ivanti Neurons for MDM admin portal: The left navigation panel color of the Ivanti Neurons for MDM administrator portal is now white from blue. Ivanti Neurons for MDM no longer offers the ability, formerly available with the now removed New Look radio button, to switch from the newer left navigation to the older horizontal navigation that appeared as tabs across the top of the Ivanti Neurons for MDM window.
• Tooltip to view complete row item in the Audit Trail page: If a row item extends beyond the default column width and is hidden due to the column border, an ellipsis appears, and when you mouse-over on the ellipsis, the complete row item appears as a tooltip. For more information, see Working with Widgets.
• Audit Trails are enabled by default: Audit Trails is enabled by default for all tenants. The tenant can opt-in or out of Device Check-in Audit Trails. For the tenants that were enabled with Audit Trails prior to this release, the check-in events stay enabled. For all other tenants' devices, the check-in trails are disabled. Audit Trails helps you to track configuration changes, provides a security record, documentation, and serves as chronological evidence of events in the Ivanti Neurons for MDM administrator portal. Also, Audit Trail provides the mechanism to troubleshoot issues when customer support is engaged. For more information, see Working with Widgets.
• Schedule in-house application updates: Ivanti Neurons for MDM automatically updates in-house applications when a device checks in. Administrators can now schedule in-house application updates based on the server time zone. The application updates only when the device checks in within the scheduled time. By default, the scheduling of application updates is disabled.

  This configuration is applicable only for updates and not a new installation. You can use the Send install/update command to override the auto-update schedule for iOS applications. The configuration is applicable only for the following application types:

  • iOS in-house applications.
  • Android in-house applications that are only in DO mode.
  • macOS applications that are only of .pkg format.
  • Windows applications.

For more information, see Working with Configurations.

• User Group Distinguished Name: The User Group Distinguished Name (DN) attribute is added to the rule builder drop-down list to help identify duplicate user groups when the User Group Name attribute is used in the rule builder. The DN attribute can be displayed in the User Group list view. However, by default, the DN column is not visible. You must select the DN option from the Actions drop-down list. The User Group DN attribute supports all standard operators. User Group DN is applicable for the groups that are sourced from LDAP.

  The User Group DN attribute is added to following rule builders drop-down lists:

  • Users > User Groups > Add
  • Users > Advanced Search
  • Devices > Device Groups > Add
  • Devices > Advanced Search
  • Admin > Spaces > Add
  • Policies > Custom Policy > Add

  For more information, see User Groups.

• Number of in-house application versions limit set to 100: The number of in-house application versions is limited to 100. If that number is exceeded, Ivanti Neurons for MDM system purges the oldest versions of the application. The status of the application upload and purge is listed and is visible from the Audit Trails page. For more information, see App Catalog.
• Application distribution is allowed to a maximum of 100 entities: You can deploy an application to a maximum of 100 entities at once. The limit is applicable to the following entities:
  • Application configuration-selection of Users, User Groups, Devices, Device Groups for send app install command.
  • Configurations
  • Policies

  For more information, see the following topics:

  • Working with Configurations

  • App Configuration

  • Working with Policies

• Azure Intune Device user UPN attribute is available: The Azure Intune Device user UPN attribute is listed in the Device Details page.
  • Perform a clean uninstall of [email protected] for macOS: If you have enabled the option Remove apps on un-enrollment(Applicable to managed apps only) during installation of [email protected] for macOS and if you initiate the device to be retired from the Ivanti Neurons for MDM administrator portal, then Ivanti Neurons for MDM deletes the [email protected] for macOS application and the uninstall script from the device, but does not prevent processes and scripts from running in the back end. To prevent processes and scripts from running in the back end, ensure that during device registration of new users or retirement of existing users, you deselect the Remove apps on un-enrollment(Applicable to managed apps only) option from the Ivanti Neurons for MDM administrator portal. This ensures that the uninstall script runs and deletes the associated processes and scripts from the back end. For more information, see [email protected] for macOS
• Permission text updated with categories: The Roles Management page now includes the category with the permissions. For more information, see Roles Management.
• Migrated Android Enterprise devices can switch to Ivanti Neurons for MDM-managed Google Play Store layout: The Google Play Store layout for Android Enterprise devices has a home page for migrated devices which is managed from Core and has a quick link to Ivanti Neurons for MDM that displays all the applications that are managed from Ivanti Neurons for MDM. Starting from Ivanti Neurons for MDM release 80, when you migrate Android Enterprise devices from Core to Ivanti Neurons for MDM, only the applications that are common between Core and Ivanti Neurons for MDM App Catalog are listed in the work profile Google Play Store of the device. You can click on the Ivanti Neurons for MDM button to view all the applications that are available in Ivanti Neurons for MDM App Catalog. For more information, see App Catalog.
• Connector pop-up message: If an administrator logs in to an Ivanti Neurons for MDM environment with a Connector version less than 74, Ivanti Neurons for MDM displays a pop-up message advising to upgrade the Connector to version 74.

Android features

• Redesigned Email+ tiles in App Catalog: The Email+ (Android Enterprise) tile is more consistent with other tiles.
• Auto-launch on install option: The Auto-launch on install option is now available for Public, Private, and In-house apps in the Managed Play App Configuration section. For more information, see Managed Configurations for Android.

iOS, macOS, and tvOS features

• macOS System Extension configuration: macOS System Extension configuration allows system extension such as Driver Extension, Network Extension and Endpoint Security Extension to be installed without kernel-level access. For more information, see macOS System Extension configuration.
• User Onboarding Branding for macOS: Administrators can now set custom icon, brand name text, and text color for the user on-boarding screen. For more information, see Admin > Branding > User Onboarding Branding.
• AirPlay Configuration for macOS: AirPlay configuration is now supported on macOS 10.10+ devices to display media on another Apple device using AirPlay. Airplay Configuration allows to set the list of Airplay destinations available to a device and set password to connect to the destination devices. For more information see AirPlay Configuration.
• Per-App VPN added to configurations: In iOS 14+, administrators can add a Per-App VPN configuration for network communication within the following configurations:
  • CalDAV configuration
  • CardDAV configuration

  For more information, see CalDAV Configuration and CardDAV Configuration.

Windows features

• Support for Windows 11: Devices upgraded to Windows 11 report OS version as Windows 11. As per Microsoft design, Edition and Platform, OS Platform and OS Edition, report as Windows 10.