New features summary

This section provides summaries of new features and enhancements that are available in this release. References to documentation describing these features and enhancements are also provided, when available.

General features and enhancements

Android features

iOS, macOS, and tvOS features

Windows features

New features summary

Mobile Threat Defense features

General features and enhancements

  • Support for Kerberos authentication: Ivanti Neurons for MDM supports Kerberos authentication to communicate between Ivanti Neurons for MDM and Microsoft SCEP servers. For more information, see Enable Kerberos Authentication between Ivanti Neurons for MDM and SCEP server.

  • Improved advanced search capabilities in the App Catalog: The Advanced Search capabilities in the App Catalog have been improved by adding the following rules to fetch the apps that match very closely with the app attributes:

    • Date Modified

    • Device Distribution

    • Device Group Distribution

    • Group Distribution

    • Provisioning Profile

    • User Distribution

    For more information, see App Catalog.

  • Added a new attribute in the rule builder: Starting with this release, the attribute OS With Version is added to Advanced Search, rule builders, and distribution lists for Spaces, Devices, Device Groups, Policies, and Configurations.

  • Sync now device compliance action: A new device action, “Google BC Device Compliance Status Sync” is supported now.

Android features

  • Retiring Ownership of a device: Administrators can no longer relinquish the ownership of a device in Work Profile on Company Owned Device mode. Instead, the device ownership can be retired to remove the corporate data only. For more information, see Relinquishing Ownership of a Device.
  • Kiosk inactivity duration: Administrators can now set the kiosk inactivity duration until which the kiosk remains active. For more information, see Lockdown & Kiosk: Android Enterprise.
  • Displaying the Android shared kiosk device information: The Kiosk mode has been renamed to Kiosk State and a new option, “Kiosk Types” is now available for Shared Kiosk devices. The Shared Kiosk device information like Kiosk State, Kiosk Type, etc. is available under the Device Details section. For more information, see Setting up Android shared device kiosk.
  • Disabling network reset on Android Enterprise devices: A new lockdown setting, Disable Network Reset, is now available to restrict the network reset for devices on Work Managed, Work Managed AOSP, and Managed Device with Work Profile modes. For more information, see Lockdown & Kiosk: Android Enterprise.
  • Play Integrity Attestation updates: When the Play Integrity configuration is pushed to the Android devices, the devices on version 14 or later will receive the Play Integrity Attestation updates. Android devices on versions before 14 continue to receive the SafetyNet Attestation updates.
  • Wipe option in Work Profile mode: The Wipe operation cannot be performed on Work Profile devices because it is not feasible now. Instead, the administrators can use Retire action to remove the device from active MDM management.

  • Updated the Device Details > Logs content: Starting with this release, the names of the applications are now visible during the install and uninstall events for Android apps in the Devices > Details > Logs tab, which is now consistent with the other application events.

  • Improved scheduling configuration of in-house Android applications: Starting with this release in Ivanti Neurons for MDM, you can now granularly schedule time-based installation of in-house Android applications based on the device's local time zone. For more information, see App Catalog.

iOS, macOS, and tvOS features

  • Introduced Energy Saver configuration for macOS devices: Administrators can now push Energy Saver configuration to macOS devices to enable users to specify energy saver settings on the device. For more information, see Energy Saver Configuration.
  • Support for multiple macOS System Extension configurations: Multiple configuration capability is added to macOS System Extension configuration. The admins can now push more than one macOS System Extension config per device.
  • New "Refresh Location" option added to Lost Mode: The Refresh Location option is added to Lost mode to view device location. The location details are fetched from device and following details are displayed:
    • Latitude
    • Longitude
    • Timestamp

    For more information, see Performing lost mode actions section under Managing devices in Apple lost mode

  • New "Notification" configuration added: New Notifications configuration, giving the admin an option to configure silent and visible notifications configurations for iOS devices. This configuration can be cloned, exported, and deleted.
  • New fields added for Tunnel configuration: The admin can now set or unset the following properties in VPN configuration:
    • Enforce Routes
    • Exclude Local Networks
    • Include All Networks
  • Managed Device Attestation is now available for macOS 14: Managed Device Attestation allows Mac computers to use the Secure Enclave and Cryptographic Attestations to provide strong assurances about their identity and security posture. This helps prevent attackers from extracting credentials, legitimate devices, or lying about the properties of a device.
  • Support for IPv6 addresses: Support to group devices based on their IPv6 addresses added to Device groups and Space rule builders.

  • Minimum enrollment version for iOS 17 and macOS 14: The admins can now set a minimum required OS version for device enrollment. If device doesn't meet the minimum OS version criteria, then the enrollment is blocked.

    The user will see the Software Update prompt to update the device to the desired OS version. After that is complete the enrollment will continue. Under the Admin> Apple> Device Enrollment > Create DEP Profile > Edit device enrollment profile, two new sections iOS 17+ and macOS 14+ are added with the following fields:

    • Require minimum OS version for enrollment option

    • Minimum iOS or macOS version

    • Minimum Build version

    • Message

    For more information, see Device Enrollment.

  • Support for Automatic re-enroll after Wipe action: The admin can now configure devices to automatically re-enroll after the data was erased, so customers don’t have to re-enroll the devices manually after a wipe. The following two fields are added:

    • Enable Return to Service

    • Wi-fi profile data dropdown: The Wi-Fi profile that installed after erasure, when using Return to Service. This is required when the device doesn’t have ethernet access.

      The user needs to deactivate all activation locks. Also, currently this is applicable only for iOS devices enrolled in DEP mode

      For more information, see Wiping a Device.

Windows features

  • Enhanced Windows Restrictions Configuration: New restrictions are added to the Windows Restrictions Configuration. The new restrictions are applicable to all versions of Windows and Windows 10+ devices. The new restrictions are as follows:

    • Disable Wi-Fi

    • Disable screen capture (Desktop only)

    • Disable USB mass storage (HoloLens only)

    • Disable user from setting the device lock grace period (HoloLens only)

    For more information, see Windows Restrictions.

  • Improved devices details information: Starting with this release, the Firewall Status for Windows devices will populate in the Devices > Device details > Overview tab. For more information, see Getting Started with Devices and Configuration Types.

  • Device Actions for Windows Devices on Device List: Starting with this release, you can access Scripts and Actions via Ivanti Bridge after selecting a device from the Devices > Actions button. For more information, see Getting Started with Devices.

Mobile Threat Defense features

Mobile Threat Defense (MTD) protects managed devices from mobile threats and vulnerabilities affecting device, network, and applications. For information on MTD-related features, as applicable for the current release, see the Mobile Threat Defense Solution Guide for your platform, available under the MOBILE THREAT DEFENSE section on the Ivanti Product Documentation page.

Each version of the MTD guide contains all Mobile Threat Defense features that are currently fully tested and available for use on both server and client environments. Because of the gap between server and client releases, new versions of the MTD guide are made available with the final release in the series when the features are fully functional.