New features summary
These are cumulative release notes. If a release does not appear in this section, then there were no associated new features and enhancements.

General features and enhancements
-
Enhanced Rule and Account Groups Limit: Limits have been increased for rule and account group evaluations, capping them at 200 rules. This can resolve issues caused by large rule sets, prevent object mapper failures, and improve elastic search performance. .
-
Dual Certificate Support for Sentry-Tunnel Communication: To mitigate service disruptions caused by certificate expiration, a new Add second certificate field has been introduced. This enhancement allows administrators to upload and link two certificates—a primary and a secondary (reserve)—to a Sentry profile. Additionally, the expiry date of each certificate is now displayed, enabling proactive tracking and timely renewal, ensuring uninterrupted Tunnel-to-Sentry communication.
For more information, see Setting Up AppTunnel.
-
Enhanced Audit Trail Export Security: The Audit Trail Export feature now supports additional secure algorithms for SFTP connections:
-
Key Exchange: Added support for curve25519-sha256
-
HMAC: Added hmac-sha2-256 and hmac-sha2-512
These enhancements improve connection security. For more information, see Exporting Audit Trails.
-
Android features
-
Samsung Knox Mobile Enrollment updates: Samsung Knox Mobile Enrollment can now be integrated with Ivanti Neurons for MDM and administer all devices from Bulk Enrollment.
For more information, see Using Samsung Knox Mobile Enrollment.
-
Support to Hide and Suspend Apps: From the App Configuration section, apps can now be hidden or suspended on fully managed devices.
For more information, see App Configuration.
-
Support for Secondary SIM Attributes on Android devices: The system now captures and displays Phone Number 2 and ICCID 2 for dual-SIM Android devices. For Android devices on version less than 13, NA for Phone Number 2 and ICCID2 will be shown. In case of devices in Work Profile mode, the ICICD2 value will also be shown as NA. These attributes are visible in Device details, Advanced search, and Custom reports in Fully managed device mode and Work profile on company-owned device mode.
-
App Deployment Workflow for Android Enterprise: Administrators can now initiate app installations and updates using step-by-step workflow in the App Catalog. The process includes targeted delivery based on app presence, user group selection, and compatibility, with real-time confirmation and visibility into actions via audit trails. For Public and Private apps, only installation (not updates) can be triggered through this interface.
For more information, see App Configuration.
iOS, macOS, watchOS, visionOS, and tvOS features
-
Apple DDM Filter for DDM Configs: A new filter Apple DDM (Declarative Device Management) with the option Supported has been added under Configurations > Add Configuration to help identify DDM-related configurations more easily in the UI. This enhancement improves the user experience by enabling better differentiation of DDM configuration types.
-
Web Content Filter Configuration support for macOS devices: The Web Content Filter Configuration is now supported for macOS devices.
For more information, see Web Content Filter Configuration.
-
Support for AppConnect Certificate Configuration in Pulse Secure App (iOS): AppConnect Certificate Configuration for Ivanti Secure Access Client (iOS) is now supported in Ivanti Neurons for MDM settings. The “AppConnect Certificate Configuration” section is visible for the App Store Ivanti Secure Access Client (iOS) in Ivanti Neurons for MDM.
-
Beta Management in Device Enrollment Profile: Device Enrollment Profile now supports Beta Management on iOS 17 and macOS 14 devices. A new field is added for beta programs under Require minimum OS version for enrollment selection for iOS and macOS devices. For more information, see Device Enrollment.
-
View Platform Information for Licenses: Administrators can now view platform information for license details in the VPP details page. For more information, see Apple Apps and Books.
-
Support Tab in Ivanti Go Client: Ivanti Go Client Privacy is now renamed to Ivanti Go Client Settings. A new field Enable Support Tab is added in Ivanti Go Client Settings Configuration. For more information, see Ivanti Go Client Settings.
-
Support for Apple Access Management: Ivanti Neurons for MDM now supports Apple Access Management for Supervised and Managed devices. For more information, see Apple Access Management.
For more information, see Working with Configurations.
Mobile Threat Defense features
Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.
Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.

General features and enhancements
-
Secure Multiuser WebClip Authentication : Ivanti Neurons MDM now supports secure multiuser sign-in for iOS Web Clips using Azure AD, Okta, and local users. Devices automatically enforce re-authentication and reassignment after logout, ensuring secure access in shared environments.
-
Updated App Catalog Configuration Behavior: The updated functionality ensures that when an app is searched for in Apps@Work, it will not appear if the Do not show app in end user App Catalog option is enabled in the app's iOS configuration.
iOS, macOS, watchOS, visionOS, and tvOS features
- macOS 15.4+ Device Attestation for Platform SSO: A new field Allow Device Identifier Attestation has been added under the Extensible SSO configuration in the platform SSO section for macOS 15.4 and later.
For more information, see Single Sign-On Configuration.
-
Fully Qualified Domain Names (FQDNs) for Relays: In the Network Relay configuration, the Match FQDNs and Exclude FQDNs keys are added, and these two keys are supported on iOS 18.4+ and macOS 15.4+ devices.
For more information, see Network Relay Configuration.
-
Passkeys support for DEP registration: On macOS15+ devices, iDP users can now login using Passkeys during Automated Device Enrollment.
For more information, see Device Enrollment.
-
Predicate Validation in Admin Console: A new Test option and STATUS field have been added to validate predicate syntax. Admins can now verify predicate expressions for iOS and macOS configurations before deployment, helping prevent failures and detect syntax errors early.
For more information, see Deploying Apple Devices.
- iPad Battery Health Status: From iPadOS 18.4 onward, Battery Health status channel reporting is supported and must be enabled.
-
Support for iOS App Installation on tvOS Devices : Admin can now install compatible iOS apps on devices running tvOS. Please ensure that the app developer has explicitly enabled support for tvOS, as installation will fail for apps not marked as compatible.
Supported App Types:-
In-house apps
-
Volume Purchase Program (VPP) apps
Public App Store apps are not supported at this time.
You must select Require installation on device in the Install on Device configuration.
-
Mobile Threat Defense features
Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.
Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.