New features summary

General features and enhancements

• In-House App Enhancements: The in-house app upload UI has been updated to include a platform selection step before submission.

• Enhanced App Configuration: The app configuration Key Chain Certificate Alias dropdown now displays more than 500 certificates, making all tenant certificates visible and selectable.

• Automatic App Updates: The Enable MDM App Auto-Updates checkbox in the App Configurations > Install on device >Install Application configuration settings has been replaced by the Automatic App Updates dropdown. Select Always On to enable updates or Always Off to disable them.

  A new Store Settings option is also available as a placeholder for future Declarative Device Management (DDM) support. This currently has no functional impact.

• Platform Selection for App Uploads: When uploading an In-House app, users must now select the target platform (Apple, Android, or Windows) before choosing a file. This replaces the legacy auto-detection system that previously identified platforms based on file extensions like .apk, .ipa, or .exe. By defining the platform first, it enables a validation layer that ensures the uploaded file matches the intended target. This prevents cross-platform mismatches and ensures apps are categorized correctly from the start.
  For more information, see Adding an in-house app.

• Enhanced Certificate Management: This update introduces enhanced scalability for Android app management configurations. The certificate selection dropdown, accessible when converting standard text fields, now supports large-scale enterprise environments by allowing users to browse and select from more than 500 certificates.

iOS, macOS, watchOS, visionOS, and tvOS features

• Software Update Settings UI update: The restriction name has been updated from Rapid Security Response to Background Security Improvements. For more information, see Software Update Settings.

• Enhanced support for Apple Device Enrollment: Added a new Device Enrollment option that prevents a device enrollment profile from being applied when a device is restored from a backup on iOS 26+ and visionOS 26+ devices. This ensures the profile is only used during fresh enrollments, not during backup restores. For more information, see Device Enrollment.

• Support for executing macOS scripts: You can now run macOS shell scripts on managed macOS devices directly through Device Actions in Ivanti Neurons for MDM. This enhancement gives admins a faster and more reliable way to trigger script execution without manually deploying configurations or relying on separate workflows. It also improves day‑to‑day device management by allowing quick troubleshooting, automated maintenance, and targeted remediation actions as needed. For more information, see Mobile@Work for macOS.

• Software Update Settings UI update: The restriction name has been updated from Rapid Security Response to Background Security Improvements.

  For more information, see Software Update Settings Configuration.

• DDM Passcode Setting Declaration: This update introduces a hybrid distribution model for Passcode settings, enabling a transition from traditional MDM (XML P-list) to the modern DDM (JSON) framework. While the UI remains unchanged for core settings like passcode length and complexity, the backend now supports new DDM predicates for iOS and macOS to ensure platform-specific compatibility. The Passcode configuration is now officially tagged as DDM Supported, appearing correctly when users filter the "Add+ Config" screen by DDM capability.

Mobile Threat Defense features

Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.

Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.

General features and enhancements

• Support to preserve custom attributes: Device Custom attributes can now be preserved even if the device is wiped or retired. When adding a device attribute, a new option, "Preserve attribute" is available to save the custom attribute.
  For more information, see Attributes.

• Support for Version Information: The User Account details section now includes a Version Info field that displays the current app version.

iOS, macOS, watchOS, visionOS, and tvOS features

• Managing Single App Mode using DDM: DDM now supports any new Single App Mode configuration and locks the device to a specified application. These configurations support Predicates, enabling conditional activation so the configuration applies only when certain attributes are present or conditions are met. Existing configurations remain unaffected, ensuring backward compatibility and a consistent deployment experience.

• Disable device reconciliation: By default, Ivanti Neurons for MDM reconciles Apple devices that are unenrolled and later re‑enrolled back to their original record, preserving the device’s lifecycle history even if a different user enrolls the device. Administrators can now disable this reconciliation. Only when reconciliation is disabled will new registrations generate separate device records and a new UUID for each enrollment. Existing devices in the system are not impacted; this setting applies to future enrollments only. For more information, see Apple Settings.

• "Raise a Support Ticket” button for Ivanti iOS Clients: Administrators can now add a "Raise a Support Ticket" button to the Support tab in the Ivanti Go iOS app. In Ivanti Go Settings, admins enable the button and provide the URL to their help desk or ticketing portal. Once enabled, users can quickly tap the button to be redirected to the support site, making it easy to find where to go when help is needed.

  The Raise a Support Ticket button only redirects to your chosen URL and does not handle authentication or create tickets within your system. Users will sign in or submit tickets according to your portal’s setup.

  For more information, see Ivanti Go Client Settings.

Windows features

• Google BeyondCorp support for Windows: Ivanti Neurons for MDM now supports Google BeyondCorp for Windows devices to create Partner Device Compliance and it provides compliance data to Google for devices in Google Workspace. For more information, see Google BeyondCorp Configuration.

• Pre-install version detection for EXE deployments: A new deployment option, check existing version on device, adds a detection step before installation. This prevents unintended downgrades and unnecessary reinstalls, especially for self-updating apps. For more information, see Managing Windows Applications.

• Support for All Scripts : Users with System Management role can now create, upload, or manage scripts that can be used in configurations and distributed to devices. For more information, see Scripts and Ivanti Bridge.

Mobile Threat Defense features

Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.

Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.