New features summary
These are cumulative release notes. If a release does not appear in this section, then there were no associated new features and enhancements.
![Closed](../Skins/Default/Stylesheets/Images/transparent.gif)
General features and enhancements
-
Enhanced identification of policy violations: Starting with this release in Ivanti Neurons for MDM, you can assign custom policies to identify policy violations for retire-pending and wipe-pending devices. For more information, see Custom Policy.
Mobile Threat Defense features
Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.
-
Support for MTD activation and MTD anti-phishing rules: Admins can now create rules based on the MTD activation status and also MTD anti-phishing protection status. These attributes are now available in the rule builders for the Policies, Devices, Reports, Device Groups, Spaces, and Configs. The following attributes are added:
-
Anti-phishing native status
-
Anti-phishing status
-
Anti-phishing VPN status
-
MTD activation status
-
Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.
![Closed](../Skins/Default/Stylesheets/Images/transparent.gif)
General features and enhancements
-
New App URL option in App Catalog Details: Administrators can copy the application URL to the clipboard, allowing them to quickly share it with end-users for easier identification of the apps they need to download.
To access the App URL option:
-
Go to Apps > App Catalog > Details.
-
Click Copy link to clipboard.
- From the Devices section, select the desired device and click on Actions > Send Message.
The message is sent either as a push notification or as an email. Once the message is sent to the device, the user can click the link, which redirects to the app details to install the application.
-
Android features
-
Added a new attribute in the rule builder for Android or ChromeOS based devices: Starting with this release in Ivanti Neurons for MDM, the attribute Public IP Address is added to the rule builders of Device Groups, Custom Policy, and Advanced Search > Devices. Ivanti Neurons for MDM displays the device's IP address, and if the device is connected to a VPN connection or a proxy server, it shows the proxy WAN IP address.
iOS, macOS, and tvOS features
-
New option Rotate the FileVault Key added to FileVault 2 configuration: This feature allows the admins to configure periodic rotation of FileVault keys for macOS devices to mitigate security risk of the deployed devices. Admins can set the rotation interval in terms of days. The feature is available for macOS 10.9+ devices. For more information, see FileVault 2.
Windows features
-
Introduction of Windows AI Management configuration for Windows devices: Starting with release in Ivanti Neurons for MDM, administrators can manage Window AI settings and configurations that enhances creativity and productivity in Windows devices. For more information, see Windows AI Management Configuration.
-
Multi app Kiosk supported for Windows 11 devices: The multi app kiosk is now supported on Microsoft Windows 11 devices. In Microsoft Windows 11, the "Hide Taskbar" option is not supported.
Mobile Threat Defense features
Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.
-
Support for MTD activation and MTD anti-phishing rules: Admins can now create rules based on the MTD activation status and also MTD anti-phishing protection status. These attributes are now available in the rule builders for the Policies, Devices, Device Groups, Spaces, and Configs. The following attributes are added:
-
Anti-phishing native status
-
Anti-phishing status
-
Anti-phishing VPN status
-
MTD activation status
-
Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.
![Closed](../Skins/Default/Stylesheets/Images/transparent.gif)
General features and enhancements
- New Optional Quarantine action: A new Optional Quarantine action, 'Remove all configs except the following'is available now to remove all configurations with few exceptions. For more information, see Working with Policies.
- Managed App Configuration updates: The administrator now has the option to update the configuration with the latest features. For more information, see Managed Configurations for Android.
- Enhancement in Device Actions: A new permission Start TeamViewer Session is added to the Device Actions section. This option allows the administrator to create a custom role, which provides permission to initiate a TeamViewer session. For more information, see Roles Management.
- New option in Quarantine Actions: A new option Remove all apps except the following is added in the optional additional quarantine actions to remove all applications except those that are added to the application list. For more information, see Working with Policies.
- Improvised options to notify policy violations to administrators: Starting with this release of Ivanti Neurons for MDM, you can configure it to notify the administrators if the device owner violates the policy rules. Additionally, you can configure to notify multiple administrators in case of policy violations. For more information, see Custom Policy.
- Enhanced options to export app-specific information: Starting with this release of Ivanti Neurons for MDM, you can export information about all the applications or a specific application linked to a device from the App Inventory. For more information, see App Inventory.
- Added a new attribute in the rule builder: Starting with this release, the attribute Device Group is added to the Dynamically Managed device group.
- Device groups within the same space are listed in the drop-down for selection.
- Device group creation is only allowed at level one.
- If you delete a child device group and there are no other rules added to the parent device group, the parent device group will also be deleted.
- If there are rules assigned to the parent device group (other than the child device group), only the rule associated with the child device group is removed, and the parent device group is not deleted in this scenario.
-
Support to allow bulk enrollment using QR code: You can now register devices using QR code for bulk enrollments.
-
Support of substitutional variables: Substitutional variables are now supported for username and password fields for Cellular and APN configurations on IOS and Android platforms.
-
New "Location" field is added to default GDPR profile: When "Location" is selected in the GDPR profile and assigned to a user group, then the Device Location fields Last located on, Latitude and Longitude are masked in the device details for the users who are part of that user group.
- Updates to the Retire and Wipe actions on the Self-Service Portal and Admin Portal: The Retire and Wipe actions have been updated on the Self-Service Portal and the Admin Portal to only allow feasible options based on device registration status, with the following changes:
Self-Service Portal:
Removed the Wipe action for devices in Work Profile mode.
Removed the Retire action for devices in Work Managed Device, Managed Device with Work Profile, Work Managed Device Non-GMS mode, and Android Management API modes.
Admin Portal:
Disabled the Retire and Wipe enabled on the Device Details page for devices in Work Managed Device, Managed Device with Work Profile, Work Managed Device Non-GMS mode, and Android Management API modes.
Enabled the Retire and Wipe disabled on the Device Details page for devices in Work Profile mode.
Note:
If a device is in a Wiped or Wipe sent or Retired or Retire sent state, then the Retire and Wipe actions will be disabled.
If a device is in a Retire pending state, Wipe is disabled, whereas Retire is enabled.
If a device is in a Wipe pending state, Retire is disabled, whereas Wipe is enabled.
iOS, macOS, and tvOS features
-
New restriction added to iOS Restrictions config:
-
Allow Marketplace App Installation: The allowMarketplaceAppInstallation restriction is used to prevent app downloads from alternative marketplaces. This Restriction when set to false, will prevent users from installing new alternative marketplace apps and apps installed from those marketplaces.
-
Allow Live Voicemail: The allowLiveVoicemail restriction is added to disable live voicemail on the device.
-
Force Preserve ESIM on erase: The forcePreserveESIMOnErase restrictions is added to preserve eSIM when the system erases the device due to too many failed password attempts or the Erase All Content and Settings option in Settings > General > Reset.
For more information, see iOS Restrictions.
-
-
Delegation with custom distribution is enabled for iOS restrictions configuration: The global administrators can now delegate space administrators to edit the configuration for All Devices and for the Custom distribution option. For more information, see iOS Restrictions.
The distribution changes are applicable only to the specific space. All other spaces continue to inherit the default space distribution settings.
-
New column added for Apple devices: The new field Device Type (Apple) is added for iOS and macOS devices in the following places:
-
Devices > Device Groups > rule
-
Advance Search > rule builder
-
Custom Policy > rule builder
-
App Distribution Filters > rule builder
-
Spaces > rule builder
-
-
The Control Media Configuration is deprecated: The "Allowed Media Control" configuration is deprecated by Apple. This configuration is now disabled on the Ivanti Neuron for MDM.
- Provide bundle identifier: The Provider bundle identifier field is available when the Connection Type is selected as Custom SSL to manage the Per-App VPN.
Windows features
- Support for Recurring Windows Scripts and Actions configurations: The administrator can now enable the recurring execution of scripts with the following new settings:
- execution daily or on certain days of the week
- time when the script should be executed (first check-in after configured time)
- execution interval start and end dates
- 'run at least once' flag to trigger a single execution even after the 'execution end' date if check-in did not happen during the configured intervals
- New options in Windows Software Update configuration: Starting with this release, new options are added to Branch to install updates from drop-down. New nodes are added into the Windows Software Update configuration to configure active hours for automatic Windows updates and restarts. For more information, see Software Updates.
- Public IP Address of devices: The Public IP Address of the ChromeOS devices is now visible under the Device Details section.
![Closed](../Skins/Default/Stylesheets/Images/transparent.gif)
General features and enhancements
-
Restriction on assigning users to a SCIM provisioned group: The administrator cannot assign users to an existing SCIM provisioned group. When the administrator tries to assign one or more users to the existing SCIM group, a pop-up appears on the screen indicating that the selected user or users cannot be assigned to the SCIM group.
-
Enhanced delegation options for Custom distribution: Starting with this release in Ivanti Neurons for MDM, you can now enable or disable Ivanti Tunnel configuration across spaces for User/User Groups and Device/Device Groups using the Custom distribution option, which helps the administrators manage the distribution for a specific space. For more information, see Tunnel.
-
Enhancement to Connector and SCEP CA requests and responses: If an on-premises certificate request fails for any configuration utilizing Identity Dynamically Generated (IDDG) at the Connector or SCEP server, the following actions take place:
-
No additional requests will be sent to the SCEP server for the subsequent 5 minutes.
-
If on-premises certificate failure persists, further requests will be blocked for 50 minutes, and then for 500 minutes, if the issue persists.
This feature operates at the IDDG level, and configuration retries happen on receiving a retriable error code from Connector. Configuration retries will be attempted for a maximum of 5 times. If the certificate request fails for a specific IDDG after a request blockage of 500 minutes, the whole process restarts from the beginning.
-
-
Support to automatically add SID to DigiCert ONE certificates: Starting from this release, if any of the following certificates expire, the SID will be automatically added to the certificate during the automatic renewal for LDAP users:
- Local Certificate Authority
- On-premise SCEP Certificate Authority
- Intermediate Certificate Authority
This option is supported on Ivanti Neurons for MDM Connector 93 and later versions only.
- Improved search results for App Catalog: The App Catalog search results will now exclude the app results based on the App Description, Developer name, and What's New.
-
Enhanced certificate revocation list (CRL) capability: The CRL capability is now enhanced and is always available including the downtime during upgrades.
Android features
-
No dependency between AOSP and Android Enterprise: Starting with this release in Ivanti Neurons for MDM, there is no dependency to enable Android Enterprise on your Ivanti Neurons for MDM tenants for work managed devices Non-GMS mode (AOSP).
-
Enhanced configuration settings for Android Enterprise devices: Starting with this release in Ivanti Neurons for MDM, you can efficiently manage the Android Enterprise device distribution settings by selecting the checkbox before confirming the distribution changes in Android Enterprise deployment settings, which may cause devices to retire or wipe. For more information, see Editing the Android Enterprise default configuration.
-
Bulk Enrollment token expiry setting: The administrator can refresh the Bulk Enrollment token to extend the validity for a maximum of 999 days or it can be set to Never expires. The default timeline of a token continues to be 7 days. For more information, see Bulk Enrolling devices using CSV file upload.
-
New option in Android Advanced Passcode Configuration: A new option, Enable Keyguard Shortcuts, applicable on Android 14 devices, is added to the Managed Keyguard Features section. For more information, see Advanced Android Passcode and Lock Screen.
iOS, macOS, and tvOS features
-
New column added for Apple devices: New column Device Type (Apple) is added to the Device Listing page to display the pretty model name for all Apple devices.
Windows features
-
Enhanced configuration settings for Windows 11 Start menu and Task Bar: Starting with release in Ivanti Neurons for MDM, you can efficiently configure to enable and disable various option in the Windows 11 Start menu and Task Bar. For more information, see Start Menu and Task bar.
-
Improved Windows Update Configuration: Starting with this release in Ivanti Neurons for MDM, you can specify the details for Product Version and Target Release Version while updating the Windows version on the device. For more information, see Software Updates.
-
Enhanced classifications to manage Windows updates: Starting with this release in Ivanti Neurons for MDM, you can classify the Windows update into Driver Updates and Upgrade in the Classification column. For more information, see Windows10 Update Management.
-
Additional support for HoloLens2 devices: Starting with this release in Ivanti Neurons for MDM, you can now prevent users from manually configuring the Wi-Fi settings for HoloLens2 devices operating with the Windows 10+ operating system.
-
Improved capabilities for Ivanti Bridge: Starting with this release in Ivanti Neurons for MDM, administrators can now view the latest version of Ivanti Bridge with version 2.1.419.0 after importing it into the tenant's catalog. For more information, see Bridge.
-
New configurations added for PolicyDrivenUpdateSource: Added the following configuration options for PolicyDrivenUpdateSource to enable the ability to choose Windows Update sources by update type:
-
SetPolicyDrivenUpdateSourceForDriverUpdates
-
SetPolicyDrivenUpdateSourceForFeatureUpdates
-
SetPolicyDrivenUpdateSourceForOtherUpdates
-
SetPolicyDrivenUpdateSourceForQualityUpdates
For more information, see Software updates for Windows 10+ devices in the Software Updates section.
-
![Closed](../Skins/Default/Stylesheets/Images/transparent.gif)
General features and enhancements
-
Added a new attribute in the rule builder: Starting with this release, the attributes IMEI and IMEI2 are added to the rule builders of Advanced Search > Devices, Device Groups, Distribution Filters, and Spaces.
-
Support to view SCIM Token updates: Any changes made to the SCIM Token can now be viewed under the Audit Trials section. For more information, see User Provisioning - Azure Active Directory.
Android features
-
Improved device cleanup settings: Starting with this release, you can manage Delete Wipe Pending Devices for Android Managed Device with Work Profile, Work Managed Device, or Work Profile on Company Owned Devices. For more information, see Device Cleanup Settings.
-
Enhanced configuration settings for Android 13.0+ devices: Starting with this release, Ivanti Neurons for MDM prevent users from sharing Wi-Fi configurations set by the administrators. For more information, see Lockdown and Kiosk: Android Enterprise.
iOS, macOS, and tvOS features
-
New prefix(authsrv) added in service dropdown for Associated Domains configuration: Ivanti now provides the ability to add domain URL with a prefix authsrv which is required by Okta. This was not supported by Apple.
-
Skip Enable Lockdown Mode and Skip Wallpaper selection restrictions added: Two new restrictions Skip Enable Lockdown Mode and Wallpaper selection added for macOS (DEP). For more information, see Device Enrollment.
-
Global Proxy configuration in now available for macOS: With Global Proxy Configuration users can now configure macOS devices to forward HTTP traffic to a proxy server for network access and security purposes.
![Closed](../Skins/Default/Stylesheets/Images/transparent.gif)
General features and enhancements
-
Support for Kerberos authentication: Ivanti Neurons for MDM supports Kerberos authentication to communicate between Ivanti Neurons for MDM and Microsoft SCEP servers. For more information, see Enable Kerberos Authentication between Ivanti Neurons for MDM and SCEP server.
-
Improved advanced search capabilities in the App Catalog: The Advanced Search capabilities in the App Catalog have been improved by adding the following rules to fetch the apps that match very closely with the app attributes:
-
Date Modified
- Device Distribution
-
Device Group Distribution
-
Group Distribution
-
Provisioning Profile
-
User Distribution
For more information, see App Catalog.
-
-
Added a new attribute in the rule builder: Starting with this release, the attribute OS With Version is added to Advanced Search, rule builders, and distribution lists for Spaces, Devices, Device Groups, Policies, and Configurations.
-
Sync now device compliance action: A new device action, “Google BC Device Compliance Status Sync” is supported now.
Android features
- Retiring Ownership of a device: Administrators can no longer relinquish the ownership of a device in Work Profile on Company Owned Device mode. Instead, the device ownership can be retired to remove the corporate data only. For more information, see Retiring Ownership of a device.
- Kiosk inactivity duration: Administrators can now set the kiosk inactivity duration until the kiosk remains active. For more information, see Lockdown and Kiosk: Android Enterprise.
- Displaying the Android shared kiosk device information: The Kiosk mode has been renamed to Kiosk State and a new option, “Kiosk Types” is now available for Shared Kiosk devices. The Shared Kiosk device information like Kiosk State, Kiosk Type, etc. is available under the Device Details section. For more information, see Setting up an Android shared kiosk.
- Disabling network reset on Android Enterprise devices: A new lockdown setting, Disable Network Reset, is now available to restrict the network reset for devices on Work Managed, Work Managed AOSP, and Managed Device with Work Profile modes. For more information, see Lockdown and Kiosk: Android Enterprise.
- Play Integrity Attestation updates: When the Play Integrity configuration is pushed to the Android devices, the devices on version 14 or later will receive the Play Integrity Attestation updates. Android devices on versions before 14 continue to receive the SafetyNet Attestation updates.
- Wipe option in Work Profile mode: The Wipe operation cannot be performed on Work Profile devices because it is not feasible now. Instead, the administrators can use Retire action to remove the device from active MDM management.
-
Updated the Device Details > Logs content: Starting with this release, the names of the applications are now visible during the install and uninstall events for Android apps in the Devices > Details > Logs tab, which is now consistent with the other application events.
-
Improved scheduling configuration of in-house Android applications: Starting with this release in Ivanti Neurons for MDM, you can now granularly schedule time-based installation of in-house Android applications based on the device's local time zone. For more information, see Working with Configurations.
iOS, macOS, and tvOS features
- Introduced Energy Saver configuration for macOS devices: Administrators can now push Energy Saver configuration to macOS devices to enable users to specify energy saver settings on the device. For more information, see Energy Saver Configuration.
- Support for multiple macOS System Extension configurations: Multiple configuration capability is added to macOS System Extension configuration. The admins can now push more than one macOS System Extension config per device.
- New "Refresh Location" option added to Lost Mode: The Refresh Location option is added to Lost mode to view device location. The location details are fetched from device and following details are displayed:
- Latitude
- Longitude
- Timestamp
For more information, see Performing lost mode actions section under Managing devices in Apple lost mode.
- New "Notification" configuration added: New Notifications configuration, giving the admin an option to configure silent and visible notifications configurations for iOS devices. This configuration can be cloned, exported, and deleted.
- New fields added for Tunnel configuration: The admin can now set or unset the following properties in VPN configuration:
- Enforce Routes
- Exclude Local Networks
- Include All Networks
- Managed Device Attestation is now available for macOS 14: Managed Device Attestation allows Mac computers to use the Secure Enclave and Cryptographic Attestations to provide strong assurances about their identity and security posture. This helps prevent attackers from extracting credentials, legitimate devices, or lying about the properties of a device.
- Support for IPv6 addresses: Support to group devices based on their IPv6 addresses added to Device groups and Space rule builders.
-
Minimum enrollment version for iOS 17 and macOS 14: The admins can now set a minimum required OS version for device enrollment. If device doesn't meet the minimum OS version criteria, then the enrollment is blocked.
The user will see the Software Update prompt to update the device to the desired OS version. After that is complete the enrollment will continue. Under the Admin> Apple> Device Enrollment > Create DEP Profile > Edit device enrollment profile, two new sections iOS 17+ and macOS 14+ are added with the following fields:
-
Require minimum OS version for enrollment option
-
Minimum iOS or macOS version
-
Minimum Build version
-
Message
For more information, see Device Enrollment.
-
-
Support for Automatic re-enroll after Wipe action: The admin can now configure devices to automatically re-enroll after the data was erased, so customers don’t have to re-enroll the devices manually after a wipe. The following two fields are added:
-
Enable Return to Service
-
Wi-fi profile data dropdown: The Wi-Fi profile that installed after erasure, when using Return to Service. This is required when the device doesn’t have ethernet access.
The user needs to deactivate all activation locks. Also, currently this is applicable only for iOS devices enrolled in DEP mode
For more information, see Wiping a Device.
-
Windows features
-
Enhanced Windows Restrictions Configuration: New restrictions are added to the Windows Restrictions Configuration. The new restrictions are applicable to all versions of Windows and Windows 10+ devices. The new restrictions are as follows:
-
Disable Wi-Fi
-
Disable screen capture (Desktop only)
-
Disable USB mass storage (HoloLens only)
-
Disable user from setting the device lock grace period (HoloLens only)
For more information, see Windows Restrictions.
-
-
Improved devices details information: Starting with this release, the Firewall Status for Windows devices will populate in the Devices > Device details > Overview tab. For more information, see Getting Started with Devices and Configuration Types.
-
Device Actions for Windows Devices on Device List: Starting with this release, you can access Scripts and Actions via Ivanti Bridge after selecting a device from the Devices > Actions button. For more information, see Getting Started with Devices.
![Closed](../Skins/Default/Stylesheets/Images/transparent.gif)
General features and enhancements
-
Search capability introduced for apps in Available Apps at the device level: Administrators can now search for the following details of applications from Device > Device Details > Available Apps. For more information, see Displaying detailed device information > Available Apps in Getting Started with Devices.
-
Cloud Certificate Authority password length increased: The password length for the Cloud Certificate Authority password is increased from 30 characters to 64 characters.
-
Improved performance: The App Inventory Data source is updated in an effort to improve performance. Now we use Elastic search to pull information to devices instead of Database search.
-
New option "Set up SMTP Email Configuration" is added: New option to set up an SMTP configuration added to the Admin> Branding > Email settings section. For more information, see Branding Email Templates.
-
Change in user interface: Under the Dashboard > Create a Report > Report Type, the Most used Apps field is renamed to Most Installed Apps field.
-
New option added to stop macOS and Windows app version downgrade: In the installed App Configuration tab under the Device Installation Configuration section new option "Do not require specific app version" option is added to avoid downgrading to a lower app version.
Android features
- Upgrading the Zebra firmware: Upgrades within the same version (starting 11.x) of Android will only direct the client to download the "true-delta-package" and if the "true-delta-package" is not available, the server will provide the client with a full upgrade URL.
- Add more CSV files during Bulk Enrollment: Administrator can use the Add more devices option to add more devices using CSV files during the Bulk Enrollment process. For more information, see Bulk Enrolling devices using CSV file upload.
- Battery attributes for Custom Policy: When creating a custom policy, the battery attributes information is also included when defining the conditions using Rule Builder. For more information, see Custom Policy.
- 5G Network Slicing option: The 5G Network Slicing option is only supported on Work Profile Devices with Android 12 and later versions. 5G Network Slicing Enabled option under the Device details page displays NA for Android devices below version 12.
-
Updated the Device Details > Logs content: The install application events for Android apps, visible under Device Detail > Logs tab now contain the app display version which is consistent with the other application events.
iOS, macOS, and tvOS features
- Account Driven User Enrollment is supported for macOS devices: macOS devices can now leverage Account-Driven User Enrollment. This feature helps simplify the enrollment process of personal macOS devices. For more information, see Account driven User Enrollment.
- Support for Cellular Private Network Geofencing: Ivanti Neurons for MDM now supports Cellular Private Network for iOS devices. This configuration provides device information on private network deployments, including geographical location, preference over Wi-Fi, and network deployment type. For more information, see Cellular Private Network Configuration.
- New Platform SSO fields are added to Extensible SSO configuration: The Extensible SSO configuration now has new fields to support additional platform SSO settings for macOS 14.0+ devices and to support local account creation at login. For more information, see Single Sign-On Configuration.
- Introduced Network Relay configuration: Administrators can now push Network Relay configuration instead of VPN configuration to enterprise devices to define settings for network relays. Relays can be configured at the device or app level. For more information, see Network Relay Configuration.
- Ability to add Network Relay configuration enabled: New app configuration Network Relay added at the device and app level. to choose the relays same as content filters and DNS proxy. Apps that support relays can leverage this configuration to access private data or company resources. Currently this is available on devices with iOS for 17 and later. For more information, see Configuring Network Relay under App Configuration section.
- Enabled Cellular 5G Slicing configuration: Support for 5G network slicing configuration is added for iOS apps, where the individually managed apps are assigned to a network slice that provides a specific network capability and characteristic to optimize the app experience. For more information, see the Configuring Cellular 5G Slicing section under App Configuration.
- 'Lost Mode Enabled' rule is added: New rule 'Lost Mode Enabled' added for advanced search query on the Device Details, Device Groups, Spaces, Policies, and Configurations pages for easy identification of a lost device. For more information, see Managing Spaces.
Windows features
- Support to add policy details for Windows applications: Starting with this release, you can now add policies for Windows applications in Allowed Apps. Administrators can create compliance polices based on specific applications. Policies can block, quarantine, retire, and send messages according to devices. For more information, see Monitoring and Controlling Allowed Apps.
- Optimized Windows support: Removed support for Windows 8.1, Windows Phone 8.1, Windows 10 Mobile, and Edge Legacy.
ChromeOS features
- Deleting the Google Admin Console integration: Administrators can now delete the Google Admin Console integration with Ivanti Neurons for MDM. For more information, see ChromeOS and Ivanti Neurons for MDM.
![Closed](../Skins/Default/Stylesheets/Images/transparent.gif)
General features and enhancements
-
Manage Apple ID is off by default in User Provisioning: Starting from the current release, the Managed Apple ID option is off by default on the Admin > Identity > User Provisioning page. For more information, see User Provisioning-Azure Active Directory.
-
Support for Azure device compliance for macOS devices: Ivanti Neurons for MDM now supports Azure device compliance for macOS devices. For more information, see Creating a partner device compliance policy.
Existing tenants that have already connected with Azure, and want to add device compliance for macOS devices, must disconnect the account and re-establish the connection.
- App distribution status: The app distribution details like the number of eligible devices, etc. can be viewed under the Devices Summary tab. For more information, see Viewing App Details.
- Google BeyondCorp Partner Device Compliance support: The BeyondCorp Partner Device Compliance is now supported with Ivanti Neurons for MDM. The admin must make sure that the Google apps are installed on the device, and that the user logs into the apps before the device is configured for conditional access with Google BeyondCorp. This is a Google limitation. For more information, see Creating a partner device compliance policy and Getting started with Devices.
-
Optimize Export to CSV for Reviews: You can now export the app reviews using the Export to CSV option from the Reviews page. After the download is complete, you will be prompted with an option to either Download or Delete the report. For more information, see Reviews.
-
Improved viewing and navigation options for App Configurations: Starting with this release, you can now view all the associated configurations for the app in Device Details and navigate from Device Details to App Configurations in Ivanti Neurons for MDM. For more information, see Getting started with Devices.
Android features
- Support to use screen share option from the Ivanti Go app: The users can now share the screen from Ivanti Go app to perform any troubleshooting tasks or to view the documentation. For more information, see Privacy Configuration.
- Support to assign DPC extras as custom attributes: The administrator can now assign DPC extras as custom attributes when enrolling devices. A maximum of three DPC extras can only be assigned as custom attributes.
- Enabling the Domain field for PEAP: When upgrading Android 14+ devices to Ivanti Neurons for MDM 94, the domain field must be made available for PEAP. The Administrator must edit the Wi-Fi configuration and update the domain and certs before upgrading to 94. For more information, see Wi-Fi Configuration.
- Cancel Wipe action on Work Managed Devices: The Wipe action can be cancelled for Work Managed Devices in DirectBoot mode.
- Single App launcher Kiosk: The administrator can now enable the Single App launcher Kiosk setting "Allows to use Kiosk mode" to keep an app in the foreground on GMS and non-GMS devices. For more information, see Privacy ConfigurationLockdown and Kiosk: Android Enterprise.
- Android App Management: The administrators can now edit the App Delegation option to stop delegating an app from the App Catalog. This will impact the app in all its delegated spaces. For more information, see Delegating Apps.
iOS, macOS, and tvOS features
-
Support to enable passcode regular expression: A new field- Enable Passcode Regular Expression is added to the Create Passcode Configuration. The passcode payload enables the Ivanti Neurons for MDM administrator to specify a password policy as a regular expression in macOS. This is applicable for devices containing macOS 14+. For more information, see Passcode Configuration.
-
SIM Service Subscriptions section displays new fields: Starting from the current release the following values are populated from the SIM Service Subscription section on the Device details > Overview tab to the following missing fields:
-
Is Roaming
-
Subscriber Carrier Network
For more information, see Getting started with Devices.
-
-
Support to enable File Vault during SetupAssist: Administrator can now enable the file vault during SetupAssist to encrypt the device before users login. A new option Enable File Vault at SetupAssist is added to the File Vault Configuration. Profile. For more information, see FileVault 2.
-
Ivanti Neurons for macOS app is available on App Catalog: The Ivanti Neurons for macOS Agent is available in Business Apps in the AppCatalog. The administrator can add and deploy the Ivanti Neurons for macOS Agent as an in-house app through Ivanti Neurons for MDM on macOS devices. This agent allows macOS devices to connect to the Ivanti Neurons platform.
Registering macOS Agent with Neurons:
- Navigate to Admin > Scripts > All Scripts.
- Add the following script (the script is taken from Ivanti Neurons > Admin > Agent Management.
- Now, add the Ivanti Neurons Agent app to the App Catalog and select the script in the post-install script.
- Once the Neurons agent is installed on the device, there is a folder "/usr/local/com.ivanti.cloud.agent/IvantiAgent” created by the Neurons agent installer.
- Post that it will prompt for the other services to install and setup, like remote control, etc.
- To uninstall the agent from the device, run the following query:
Copy"/usr/local/com.ivanti.cloud.agent/IvantiAgent/bin/stagentctl uninstall".
-
New restrictions are added to macOS Restrictions Configuration: New restrictions are added to the macOS Restrictions Configuration and this is applicable for devices that contain macOS 14+. For more information, see macOS Restrictions.
- Support to display battery and model number: Apple has introduced the ability to query the model number and battery status. You can view the following fields from the Device Details page:
- Has Battery (iOS 13.3+)
- Model Number (macOS 13.3+ and iOS 16.4+)
For more information, see Getting Started with Devices.
- Support for Azure device compliance for macOS devices: Ivanti Neurons for MDM now supports Azure device compliance for macOS devices. For more information, see Creating a partner device compliance policy.
Note that this will uninstall the agent, but it won't remove the device from the device list in Neurons - that would currently be a manual process in the Neurons web console.
Windows features
-
Support to add policy details for Windows applications: Starting with this release, you can now add policies for Windows applications in Allowed Apps. For more information, see Monitoring and Controlling Allowed Apps.
-
Optimized Windows support: Removed support for Windows 8.1, Windows Phone 8.1, Windows 10 Mobile, and Edge Legacy.
ChromeOS features
- Support to upload ChromeOS Blueprint Configuration files: Administrators can now upload the ChromeOS Blueprint Configuration files to Google Cloud. For more information, see ChromeOS Blueprint Configuration.