MobiControl 15.5.2 Release Notes

Upgrade Considerations

  • In SOTI MobiControl version 15.5.0 onwards, “GetDeviceGroupConfiguration” and “ApplyDeviceGroupConfiguration” APIs will require “Configure Devices/Device Groups” permission. This permission is automatically assigned to MobiControl Administrators, MobiControl Technicians and MobiControl Viewers roles. Custom roles must have the “Configure Devices/Device Groups” permission granted manually.
  • If you are using an older version of Cloud Link Agent (CLA) (e.g.,1.x, 2.x ,3.x or 4.0), you must upgrade to CLA 4.1. Before upgrading, you must uninstall the older version of CLA. If CLA 4.1 is not set up with SOTI MobiControl 15.5.0, any operation or functionality related to LDAP and ADCS will not work.
  • Windows CE/Mobile devices that reset to their default factory settings may be unable to reconnect to SOTI MobiControl 15.5.0 or later due to device date and deployment server binding certificate date being out of sync. Before you upgrade or generate a new certificate binding, you may need to set up a Network Time Protocol/Simple Time Network Protocol (NTP/SNTP) server. Having the SOTI MobiControl agent or device contact an NTP/SNTP server before connecting to SOTI MobiControl allows devices to retrieve the current date and time. Impacted devices can then connect to SOTI MobiControl successfully once they reset to the factory default date and time.

    For more information, see this article on SOTI Pulse.

Release Highlights

Conditional Access for Microsoft 365 Apps on macOS

You can now conditionally grant or deny access to Microsoft 365 apps and other mobile apps which utilize Azure AD authentication on macOS devices. SOTI MobiControl’s integration with Microsoft allows you to use the MobiControl device compliance status in Azure AD’s conditional access policies. When configured, only the compliance statuses of devices assigned to the compliance policy will be reported to Microsoft, enabling you to manage the scope of the devices synchronized with Microsoft.

Bootstrap Token Support

We added support for bootstrap tokens on macOS devices. As of macOS 10.15, device users with bootstrap tokens enabled do not need administrator credentials to grant new user accounts a secure token.

Bypass Manual Interaction for Kernel Extensions

As of macOS 10.13.2, users can use bootstrap tokens to specify a list of kernel extensions that load without the previously required user consent. With this update, administrators can allow any macOS device enrolled in SOTI MobiControl to bypass the manual interaction required for enabling kernel extensions.

Display Local User Information on Web Console

We added the names of all local users on macOS devices to the Device Info screen, providing administrators the opportunity to cross-check any macOS user profile assignment issues and respond accordingly.

Target by Processor Type

You can now distinguish macOS devices based on Intel or Apple processor type. This allows administrators to target app policies and profiles to devices based on processor and filter out devices for added clarity.

Enhanced Support for Script Execution

The Send Script feature has been upgraded to allow you to execute multi-line scripts from the Web Console for macOS devices. The agent is now able to distinguish the built-in script functions from macOS script commands, allowing you to integrate both SOTI MobiControl and macOS scripts as part of the same execution.

Resolved Issues

MCMR-28943 Switching a device to Administrator Mode during a remote control session failed with the error message “An error occurred while processing the request.”
MCMR-29992 Failed to generate device certificates from certificate template
MCMR-30311 Uploading packages through APIs removed the package configuration in the profile
MCMR-30410 Windows Desktop device lockdown failed after upgrading to version
MCMR-30597 Client certificates failed to install on Linux Raspberry Pi devices
MCMR-30757 Group actions to locate devices failed to fetch the device locations
MCMR-30911 Custom data provided by the device agent during device check-in was not populated in the database and Web Console by the Deployment Server
MCMR-31407 MGPA apps would take a long time to install on devices during enrollment