New features summary
This section provides summaries of new features and enhancements that are available in this release. References to documentation describing these features and enhancements are also provided, when available.
General features and enhancements
Mobile Threat Defense features
General features and enhancements
- Added report columns for iOS, macOS, and Android devices: New Report Columns are added for Scheduled Reports in Report Data tab. To select the new report columns, you can use the Select all columns check box to select all the displayed columns in the list.
- Support to include SID for AppStoreFront CA: Starting from this release, for any new device registration for LDAP users, the AppStoreFront Certificate Authority will contain the SID. If you need to assign SID for an existing device, you need to re-register the device. Also, starting from this release the AppStoreFront Certificate Authority will be automatically renewed with the SID once the certificate expires.
- Support to edit distribution options for Sentry Root Certificate: The administrator now has the option to edit the default distribution of the Sentry Root Certificate configuration from the distribution page. As Sentry Root configuration is of type certificate you can now delegate it to other spaces through custom distribution. You can also provide edit permission to the custom space administrator by delegating the configuration to other spaces. For more information, see Setting Up AppTunnel.
- New attribute is added to the rule builder: Custom IDP Attribute is added to the rule builder so that rules, distributions, or groups can be created and synced against a SCIM custom attribute. For more information, see Distribution Filters and Attributes.
- App Catalog for Native Client adds Apps@Work tab to the Go client application for MAM-only devices: The App Catalog for Native Client configuration adds the Apps@Work tab to the Go client application during device registration for MAM-only devices. The Apps@Work tab displays the list of applications from the App Catalog. This is applicable only for Ivanti Neurons for MDM Release 92 onwards.
- New option in Managed Apple ID: The userUPN domain option is added to Managed Apple ID for Pattern Match. For more information, see Connect Ivanti Neurons for MDM with Azure Active Directory User Source, User Provisioning-Azure Active Directory , User Enrollment with Apple Business Manager, and Configuring LDAP server.
- Display and search details of app installation in Device logs: Starting from this release you can view the application installation details from the Device Details > Logs > Details column. You can also search for a specific status from the newly added search bar.
For all devices the status shows the following details:
- App name, app version, bundle, or package ID
- Status of installation
- Any errors and reason for the error
For example - appOrConfigName=Name:<app name>;Identifier=<bundleid>;iTunesStoreId:<itunesid>;Status:<status or error reason from Apple>version: <app version>
For Windows devices the status shows the following details:
- Include bundle ID or package ID, status, and errors
For example -- For type - application inventory and status - acknowledge - displays - appType
- For type - application inventory and status - sending - Does not display anything
- For type - install/uninstall and status - success/failure/sending - displays Include bundle ID or package ID, status, name, version, and errors
For more information, see Searching Device Logs > Getting Started with Devices.
- Updated Device Cleanup Settings: The Device Cleanup Settings is updated to add the following processes:
Delete Wipe Pending Devices: Starting with this release, you can delete the devices that are due to be wiped.
Retire the Retire Pending Devices: Starting with this release, you can retire the devices that are due to be retired.
For more information, see Device Cleanup Settings
- Support to uninstall (exclude or redistribute) an app from a device: The administrator can now exclude or re-distribute an app from a device on iOS and macOS devices. For more information, see Getting Started with Devices and Excluding or Redistributing an app.
Android features
- Ivanti Tunnel and VPN configuration on Android Enterprise devices: The Ivanti Tunnel and VPN configuration is deprecated for devices in Android Enterprise mode. It is recommended to use managed configurations from the Ivanti Tunnel app. For more information, see Tunnel and VPN Configuration.
- Support for Network and Security log delegations: The Network and Security log delegations are now supported in AMAPI mode. For more information, see App Catalog.
- Reassign Android devices : The administrator can transfer the ownership of an Android device from a user to a different user. This requires a SUEM-Premium license. For more information, see Reassigning an Android device.
- Android device reassignment: Android device reassignment is available only in SUEM-P.
- Kiosk Mode Allowed Apps: The administrator can create folders and move apps to these folders in Shared Kiosk mode. For more information, see Lockdown & Kiosk: Android Enterprise.
- WhiteLabel Settings enhancements : New enhancements have been added to the WhiteLabel Settings. For more information, see Help@Work.
iOS, macOS, and tvOS features
-
Support for Apple device declarative management: Apple's Declarative Device Management is a modern management protocol that allows managed devices to proactively and autonomously apply their own management settings with less communication. Declarative Device Management is enabled on newly enrolled devices during enrollment or during check-in for already enrolled devices.
Declarative Device Management is automatically enabled on the following eligible devices:
- Computers with macOS 13 or later
- Devices with iOS 16 or iPadOS 16 or later
- Devices enrolled via User Enrollment support Declarative Device Management on iOS or iPadOS 15 or later.
- Apple TV devices with tvOS 16 or later
In this release we are also adding Declarative Management support for the following Status Channels:
- Changes to the OS Version
- Passcode compliance
- Passcode present
This means that every time there is a change in the status of the Passcode Compliance or in the OS version, devices will communicate back in real time to the server. Which will trigger automated actions and compliance policies much faster and in real time.
For more information, see Getting Started with Devices.
- Support to select multiple certificates in Ethernet and WiFi configurations: Ethernet Configuration and WiFi Configuration now let you select multiple certificates from the Trusted Server Certificate Names field. For more information, see Ethernet Configuration (macOS) and Wi-Fi Configuration.
- Distributed configurations and high priority applications are installed during setup of Automated Device Enrolled devices: Starting from this release, all the distributed configurations and high priority applications will be installed on the devices in the background during setup of Automated Device Enrolled devices if the Wait until Configurations and high priority applications are pushed to devices option is enabled in the DEP profile. For more information, see Device Enrollment.
Windows features
- Software updates installation on Windows 10+ devices: Software updates installation on Windows 10+ devices – When updating software on Windows 10+ devices, the “Branch to install updates” options have been updated. For more information, see Software Updates.
- New Ivanti Apps@Work app for Windows: Following changes are made to the Apps@Work app:
- Rebranded with Ivanti logo
Identity of Generic version of Apps@Work updated from MobileIronAtWorkEMM to IvantiAtWorkUEM
Version series of Apps@Work updated from "9.6.0.0" to "10.0.0.0"
When the release upgrade happens on tenants that already have Apps@Work app on their devices, the Apps@Work app with Ivanti re-branding will be added to the App Catalog. But the re-branded version will not be distributed to the devices automatically, you need to perform manual distribution. In the case of new tenants, only the re-branded version will be made available in App Catalog. This version is set to Distribute to Everyone by default.
- Support for Microsoft Defender for Endpoint (formerly known as Windows Advanced Threat Protection) configuration: The Microsoft Defender for Endpoint allows customers to leverage Microsoft Purview and other Azure services. For more information, see Microsoft Defender for Endpoint.
- Install the O365 apps during Autopilot installation: The O365 apps configuration can now be installed during Autopilot enrollment workflows. When devices are released to the end user, O365 apps will be already available and installed on the device. For more information, see Configuring Windows Autopilot Profiles.
- New hardware attributes for creating Device Groups: New hardware attributes (Manufacturer, Total Device Capacity, Total Memory MB) have been added to the Create Device Group and Custom Policy sections. For more information, see Device Groups.
Mobile Threat Defense features
Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.
Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.