New features summary
This section provides summaries of new features and enhancements that are available in this release. References to documentation describing these features and enhancements are also provided, when available.
General features and enhancements
Mobile Threat Defense features
General features and enhancements
-
New Optional Quarantine action: A new Optional Quarantine action, 'Remove all configs except the following'is available now to remove all configurations with few exceptions. For more information, see Working with Policies.
-
Managed App Configuration updates: The administrator now has the option to update the configuration with the latest features. For more information, see Managed Configurations for Android.
-
Enhancement in Device Actions: A new permission Start TeamViewer Session is added to the Device Actions section. This option allows the administrator to create a custom role, which provides permission to initiate a TeamViewer session. For more information, see Roles Management.
-
New option in Quarantine Actions: A new option Remove all apps except the following is added in the optional additional quarantine actions to remove all applications except those that are added to the application list. For more information, see Working with Policies.
-
Improvised options to notify policy violations to administrators: Starting with this release of Ivanti Neurons for MDM, you can configure it to notify the administrators if the device owner violates the policy rules. Additionally, you can configure to notify multiple administrators in case of policy violations. For more information, see Custom Policy.
-
Enhanced options to export app-specific information: Starting with this release of Ivanti Neurons for MDM, you can export information about all the devices specific to the application based on the bundle ID from the App Inventory. For more information, see App Inventory.
-
Added a new attribute in the rule builder: Starting with this release, the attribute Device Group is added to the Dynamically Managed device group.
-
Device groups within the same space are listed in the drop-down for selection.
-
Device group creation is only allowed at level one.
-
If you delete a child device group and there are no other rules added to the parent device group, the parent device group will also be deleted.
-
If there are rules assigned to the parent device group (other than the child device group), only the rule associated with the child device group is removed, and the parent device group is not deleted in this scenario.
-
- Support to allow bulk enrollment using QR code: You can now register devices using QR code for bulk enrollments.
- Support of substitute variables: Substitute variables are now supported for username and password fields for Cellular and APN configurations on IOS and Android platforms.
-
New "Location" field is added to default GDPR profile: When "Location" is selected in the GDPR profile and assigned to a user group, then the Device Location fields Last located on, Latitude and Longitude are masked in the device details for the users who are part of that user group. For more information, see GDPR Profiles.
- Updates to the Retire and Wipe actions on the Self-Service Portal and Admin Portal: The Retire and Wipe actions have been updated on the Self-Service Portal and the Admin Portal to only allow feasible options based on device registration status, with the following changes:
Self-Service Portal:
Removed the Wipe action for devices in Work Profile mode.
Removed the Retire action for devices in Work Managed Device, Managed Device with Work Profile, Work Managed Device Non-GMS mode, and Android Management API modes.
Admin Portal:
Disabled the Retire action and enabled the Wipe action on the Device Details page for devices in Work Managed Device, Managed Device with Work Profile, Work Managed Device Non-GMS mode, and Android Management API modes.
Disabled the Wipe action and enabled the Retire action on the Device Details page for devices in Work Profile mode.
If a device is in a Wiped or Wipe sent or Retired or Retire sent state, then the Retire and Wipe actions will be disabled.
If a device is in a Retire pending state, Wipe is disabled, whereas Retire is enabled.
If a device is in a Wiped or Wipe sent or Retired or Retire sent state, then the Retire and Wipe actions will be disabled.
iOS, macOS, and tvOS features
-
New restriction added to iOS Restrictions config:
-
Allow Marketplace App Installation: The allowMarketplaceAppInstallation restriction is used to prevent app downloads from alternative marketplaces. This Restriction when set to false, will prevent users from installing new alternative marketplace apps and apps installed from those marketplaces.
-
Allow Live Voicemail: The allowLiveVoicemail restriction is added to disable live voicemail on the device.
-
Force Preserve ESIM on erase: The forcePreserveESIMOnErase restrictions is added to preserve eSIM when the system erases the device due to too many failed password attempts or the Erase All Content and Settings option in Settings > General > Reset.
For more information, see iOS Restrictions
-
-
Delegation with custom distribution is enabled for iOS restrictions configuration: The global administrators can now delegate space administrators to edit the configuration for All Devices and for the Custom distribution option. For more information, see iOS Restrictions
The distribution changes are applicable only to the specific space. All other spaces continue to inherit the default space distribution settings.
-
New column added for Apple devices: The new field Device Type (Apple) is added for iOS and macOS devices in the following places:
-
Devices > Device Groups > rule
-
Advance Search > rule builder
-
Custom Policy > rule builder
-
App Distribution Filters > rule builder
-
Spaces > rule builder
-
-
The Control Media Configuration is deprecated: The "Allowed Media Control" configuration is deprecated by Apple. This configuration is now disabled on the Ivanti Neuron for MDM.
- Provide bundle identifier: The Provider bundle identifier field is available when the Connection Type is selected as Custom SSL to manage the Per-App VPN.
Windows features
- Support for Recurring Windows Scripts and Actions configurations: The administrator can now enable the recurring execution of scripts with the following new settings:
- execution daily or on certain days of the week
- time when the script should be executed (first check-in after configured time)
- execution interval start and end dates
- 'run at least once' flag to trigger a single execution even after the 'execution end' date if check-in did not happen during the configured intervals.
- New options in Windows Software Update configuration: Starting with this release, the Branch to install updates from drop-down now has new options. The new options are added to the Windows Software Update configuration to configure active hours for automatic Windows updates, and the PC is restarted. For more information, see Software Updates.
-
New option added in custom policy: Starting with this release, now Bridge Last Check-in field is available while building a custom policy. For more information, see Custom Policy.
ChromeOS features
- Public IP Address of devices: The Public IP Address of the ChromeOS devices is now visible under the Device Details section.
Mobile Threat Defense features
Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.
Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.