New features summary

MSI Product Code Warning: Admins with the System Management role in Ivanti Neurons for MDM can now assign custom roles to others. This ensures that role management continues even if super admins are unavailable, giving System Management admins authority similar to super admins and reducing delays.

Enhanced Rule and Account Groups Limit: Limits have been established for rule and account group evaluations, capping them at 100 rules. This can resolve issues caused by large rule sets, prevent object mapper failures, and improve elastic search performance.

Auto Cleanup Improvements: In the Work Profile on Company Owned Device mode, Auto Cleanup is now supported for Retire the Retire Pending Device and Retire Device actions. For more information, see Device Cleanup Settings.

Speed based control for Kiosk devices: The Driver Safety option is now available to ensure the apps are enabled / disabled depending on the speed limit. For more information, see Lockdown & Kiosk: Android Enterprise.

Improved Lost Mode: The Lost Mode functionality has been improved to disable certain actions and options, thereby enhancing security and streamlining the user experience when a device is in lost mode. For more information, see Managing Android devices in lost mode.

Agentless Script execution: Ivanti Neurons for MDM -managed background tasks have been added to macOS 15, enabling secure deployment of executables, scripts, and configuration files in a tamper-resistant location. With Declarative Management support, scripts can be executed without an agent, either once or on a scheduled daily or weekly basis, streamlining persistent service management.

Simplified Service Discovery for ADDE: Starting with iOS 18.2, macOS 15.2, and Vision OS 2.2, Apple allows organizations to set an alternate Ivanti Neurons for MDM discovery destination if the default HTTP resource is unavailable. For more information, see Account-driven Enrollment.

Support for new restrictions on iOS 18.3 and macOS 15.3 devices: Ivanti Neurons for MDM now restricts external intelligence sign-in using allowedExternalIntelligenceWorkspaceIDs, disable transcription summarization in Notes with allowNotesTranscriptionSummary, and use allowVisualIntelligenceSummary to control whether Apple’s Visual Intelligence can generate summaries from images or visual content. For more information, see iOS Restrictions and macOS Restrictions

Set Default Browser configuration: The newly added Set Default Browser configuration changes the settings of default apps on iOS and visionOS devices. For more information, see Default Browser Configuration - iOS and visionOS.

macOS- Login Window Configuration: Administrators can now customize the login window behavior in macOS devices. For more information, see Login Window Configuration - macOS.

ADMX template updates: Win11 2024 has been updated for GPO configurations.

Standardized Date and Time format: The Date and Time format has been standardized throughout Ivanti Neurons for MDMusing ISO 8601.

New map provider for Admin and Self-Service portals: For the Admin and Self-Service portals, the map provider is changed from MapQuest to Google Maps.

Landing Page improvements: The Ivanti Neurons for MDM landing page has been improved to enhance the user experience, and to make it consistent with other Ivanti products.

Improved number for manual and scheduled reports: Previously, you could create a total of 5 (manual and scheduled) reports only. You can now create 5 manual and 5 scheduled reports each.

Enhanced Lost Mode: The Lost Mode functionality has been improved to disable certain actions and options, thereby enhancing security and streamlining the user experience when a device is in lost mode. For more information, see Managing Android devices in lost mode.

Enhanced Logging: Administrators will now be notified in the event of a device registration failure. This will help identify and understand the reasons behind unsuccessful registrations.

Shared Kiosk Activity details: The administrator can now get more details about the Shared Kiosk Activity within the device report details section.

Kiosk State and Kiosk Type filters: When either of these filters is selected with the "equals to" option, then only the devices in Kiosk mode will be shown in results. Work Managed devices do not appear in the results.

For the following filter combinations (Average established daily sessions, Daily login failures, and Average daily session), the search results will have all the devices or only Kiosk devices.

Support for Lost Mode Preview for Android Devices: This enhancement improves the Lost Mode functionality by enabling a preview of the lost mode for Android devices. If multiple devices are selected, administrators can navigate through the previews using a toggle button.

Webapps in Google iFrame after migration: This feature allows the administrator to enable the replication of Webapps between the Endpoint Manager Mobile (EPMM) and Ivanti Neurons for MDM. Webapps created in Ivanti Neurons for MDM will be replicated to EPMM directly and these can be distributed to the devices. However, to replicate the Webapps created on EPMM to Ivanti Neurons for MDM, contact the support team.

Preserve Data Plan option for Wipe Devices: When wiping a device, the option to Preserve Data Plan is selected by default. For more information, see Wiping a Device.

Management Server Capabilities - DDM: Custom Attributes are now supported in DDM Predicates. For more information, see Deploying Apple Devices.

Updated Ivanti Tunnel (On Demand) Configuration support: New fields EnforceRoutes, ExcludeLocalNetworks, and IncludeAllNetworks are added for VPN configuration in Packet Tunnel. Administrators can now enhance the tunneling of device wide traffic via Sentry. For more information, see VPN On Demand Configuration.

Custom Policy option for Autopilot-Enrolled devices: A new option, "Autopilot Enrolled" is now available when creating a custom policy. For more information, see Custom Policy.

Rate Limit: All Windows devices can now be checked into Ivanti Neurons for MDM only one time per minute.

Non-user registration for new Windows devices: Bulk enrollment is now supported for devices with single user created using the PPKG package. For more information, see Ivanti Bulk Enrollment.

Assign to User for bulk enrolled devices: Bulk enrolled devices can now be assigned to user from the Device Details page. For more information, see Ivanti Bulk Enrollment.

Improved Left Navigation: The left navigation menu has been improved to enhance the user experience, and to make it consistent with Ivanti Neurons and ITSM. For more information, see Unified Navigation.

Enhanced options to export device custom attributes: Users can export the device custom attributes from the App Inventory list to CSV file.
For more information, see Assigning Custom Attributes to Devices.

Play Integrity support: Play Integrity (SafetyNet) is now supported on all versions of Android devices. For more information, see Play Integrity (Previously SafetyNet Attestation).

Added new Device Enrollment options for iOS devices as follows:

• Skip Web Content Filtering Pane (18.2+)

• Skip Spoken Language (13.0+)

For more information, see Device Enrollment.

Added new Restrictions for iOS and macOS devices as follows:

• Allow External Intelligence Integrations

• Allow External Intelligence Integrations Sign-In

• Allow Default Browser Modification

• Skip Web Content Filtering Pane

• Allow Call Recording

• Allow Mail Summary

• Allow RCS Messaging

• Allow Media Sharing Modification

For more information, see iOS Restrictions and macOS Restrictions.

Enhanced Wi-Fi configuration support for macOS devices: The Disable MAC Address Randomization now supports macOS 15.0+ devices. For more information, see Wi-Fi Configuration.

Improved Single Sign-On configuration setting: Added Denied Bundle Identifiers configuration setting in Extensible single sign-on account settings for iOS and macOS devices. For more information, see Single Sign-On Configuration.

Support for automated device enrollment for visionOS devices: Use the Skip user login option to automatically enroll devices operating with visionOS platform. For more information, see Device Enrollment.

Enhanced User Settings: Added a new policy field Maximum number of Apple watchOS devices to pair with an iPhone for watchOS 10.0 + devices in Users > User Settings > Device Limit Setting, which limits the number of Apple Watches that can be paired with a device.
For more information, see User Settings.

Updated Extensible single sign-on Kerberos account settings: New fields are added for Extensible single sign-on Kerberos. Administrators can now configure the password and smartcard settings with these options.
For more information, see Single Sign-On Configuration.

Custom Policy option for Autopilot-Enrolled devices: A new option, "Autopilot Enrolled" is now available when creating a custom policy. For more information, see Custom Policy.

Rate Limit: All Windows devices can now be checked into Ivanti Neurons for MDM only one time per minute.