SOTI MobiControl Logo
Release Notes
-
Release 2025.0 -- Build 1032 -- October 29, 2024
Note: SOTI MobiControl 2025.0 build 1032 replaces the previous build (1031) posted on October 28, 2024.
Release Highlights
SOTI VPN for Android Enterprise & Windows Modern
SOTI VPN is an all-new secure tunnel that is simple to configure from the convenience of the SOTI MobiControl console. It has been specially designed for front-line worker use cases, providing them with a seamless user experience that requires no additional steps to initiate the VPN connection or provide authentication credentials, it’s all automated. On Android and Windows, SOTI VPN can be used to tunnel all device network traffic or traffic destined for specific IP ranges. Additionally, on Android, per-App VPN can be used to focus the VPN tunneling capability to only select apps.
Note: SOTI VPN functionality is only available to customers who subscribe to SOTI Premium Plus or Enterprise Plus Service.
Samsung Knox E-FOTA Policy
Administrators can now control Android operating system updates for their Samsung Knox devices using the Samsung Knox E-FOTA policy within SOTI MobiControl. With this single pane of glass experience, administrators can effortlessly ensure all their Samsung Knox devices are on the exact firmware version they need for reliable business operations. This centralized management approach simplifies the upgrade process and provides greater oversight and control over the device fleet.
Apps Dashboard
The Apps Dashboard centralizes app workflows, providing a consolidated view of app-related information with real-time status updates across devices. It simplifies the management of app configurations and policies, ensuring consistent deployment. The new one-click retry feature for failed installations further streamlines the process, minimizing downtime and simplifying issue resolution.
Certificates Dashboard
SOTI MobiControl administrators can now have a holistic overview of all their certificates in SOTI MobiControl. The Certificate Dashboard is engineered to streamline the tracking, monitoring, and management of device certificates in MobiControl. Not only does it enhance process efficiency, but it also eliminates renewal-related frustrations and proactively minimizes the risk of unnoticed renewal failures, ensuring smooth, uninterrupted device operation.
Enhanced Installer Experience
This update introduces a modern and intuitive user interface for the SOTI MobiControl installer, providing customers with clearer visibility of missing prerequisites and direct links for installation, streamlining the setup process. The enhanced installer also enables silent installations, reducing user interaction time and improving overall efficiency.
SOTI XSight Live View Device Action
You can now start a SOTI XSight Live View (Patent Pending) session directly from the SOTI MobiControl Devices Dashboard. The Live View device action provides real-time location and critical business insights for the selected devices in SOTI XSight Live View. This feature can be used for a single device, multiple devices, or a device group.
Profile Installation Priority
Users can now streamline profile deployment by assigning installation priorities, ensuring profiles are installed in a specific order on Android devices. If a high-priority profile fails, users can halt lower-priority installations automatically. This reduces the need for workarounds and minimizes human error during device staging, while improving standardization, traceability, and predictability in the provisioning process. This feature is supported only on Android agent 2025.0.0.
iOS & iPadOS Declarative Device Management
Declarative Device Management (DDM) configurations, activations and assets allow devices to react to state changes and apply management security policies without connecting to the SOTI MobiControl server.
Streamline Wi-Fi and Kiosk Mode Configurations for ChromeOS
Administrators can now efficiently configure Wi-Fi and Kiosk Mode settings for ChromeOS devices without requiring the Google Admin console, ensuring seamless connectivity, enhanced security and customized device experiences.
Streamlined Windows Updates Control & Bandwidth Optimization
Introducing streamlined Windows Update management with bulk update approvals, a centralized view, and delivery optimization for faster update downloads. These enhancements reduce administrators' time and costs while optimizing bandwidth usage.
New Features and Improvements
System Administration
Ability to Export and Import File Sync Policies
Administrators can now export File Sync policies from one SOTI MobiControl environment and import them into another. This feature facilitates the quick transfer of File Sync policies across multiple environments, reducing the need for repetitive manual copying and lowering the risk of human error.
Cloning File Sync Policies
Administrators can now clone file sync policies, making it easier and faster to replicate existing configurations across your organization. This new feature streamlines policy management by allowing you to create identical copies of your file sync policies with just a few clicks, ensuring consistency and saving time when setting up or modifying policies.
SOTI Identity Conditional Access Action in Compliance Policy
Compliance Policy’s new SOTI Identity Compliance Access action can be used to limit the third-party applications which users may access via SOTI Identity. This action is to be used in conjunction with SOTI Identity’s Secure Access Control policy.
Share Assignment Filters for Profiles & Policies
Administrators can now save and share assignment filters for easy reuse across multiple profiles and policies. Filters can be named, edited, and deleted, reducing the time spent on repetitive tasks and improving accuracy in filter application.
Microsoft Entra ID Support for Shared Devices for Android and iOS
Administrators can now directly configure Shared Devices to use an Entra ID directory. There is no longer the need for the additional configuration of an Entra ID (formerly Azure AD) identity provider (IdP) which acted as an intermediatory interface. This simplifies the configuration experience for administrators and also optimizes the real-time authentication experience for mobile device users.
Execute Script upon Shared Device Logout
This feature lets SOTI MobiControl administrators configure scripts that automatically run when a device user logs out from a shared device. Administrators can delete leftover documents and app-specific logs to protect user privacy and streamline troubleshooting.
Active Remote Control Session Indicator
This feature gives users a visual indicator in the web console when a remote-control session is active on a device. Users can also see the duration of the session and identify who initiated it, enhancing the auditing process for administrators.
Support for Additional Signal Device Actions
Signal now supports the following device actions when a policy is triggered: blocking Exchange access, allowing/blocking SOTI Hub access, clearing SOTI Hub’s cache, and logging out Shared Devices.
Support for Outdoor Geofence in Signal Policies
Automated actions from Signal, such as relocating a device or triggering an alert, are now supported based on device’s entry or exit of an outdoor geofence.
Support for Cloud Link Agent Properties in Signal Policies
Administrators can monitor the status of their Cloud Link Agents using Signal Policies, allowing administrators to configure automated actions whenever a Cloud Link Agent related event occurs. This feature eliminates the need to manually monitor the health of Cloud Link Agents, which can lead to faster issue discovery and resolution.
Ability to Unenroll Associated Devices when an Active Directory User is Disabled
Administrators can now configure automated device actions of “unenroll device” or “disable device” whenever the assigned user is in a disabled state. This only applies to users belonging to Microsoft Active Directory. This setting can be configured in enrollment policies when the directory authentication is selected.
Bulk Deletion of Packages
Administrators can now perform bulk deletions of packages via the web console. This feature enables efficient removal of multiple unused or outdated packages at once, streamlining system maintenance.
Database Monitoring and Notifications for SQL Express
This update introduces real-time monitoring of SOTI MobiControl's database size, specifically for environments using SQL Express, to effectively manage the 10 GB size limit. SOTI MobiControl now provides proactive notifications when the database reaches a preset threshold of 90%. These notifications enable administrators to take timely action, preventing unexpected failures and reducing potential downtime.
Ability to Manage Device Scripts from Signal Policies
When configuring a Signal Policy's send script action, users can now access Script Manager. This feature enables efficient management of script operations, including adding, deleting, and modifying device scripts across various types supported in SOTI MobiControl, such as JavaScript, Legacy Script, PowerShell, and more. This streamlined process saves time and lets users perform these tasks seamlessly during Signal Policy configuration.
Support for Microsoft SQL Server 2022
SOTI MobiControl now supports Microsoft SQL Server 2022, enhancing security for enterprise customers. This update ensures IT policy compliance, reduces security vulnerabilities, and allows customers to utilize the latest SQL Server features.
Filter Profiles and Policies based on ‘Device Kind’
Administrators can now filter profiles, enrollment policies, and app policies by device type for more precise results, improving operational efficiency.
Custom Attribute Sorting in Device Details
Administrators can now sort Custom Attributes in ascending or descending order within Device Details, streamlining data organization and improving workflow efficiency.
Android Enterprise
Dynamic Admin Password
Administrators can now share to their device users a device-specific, one-time password generated by SOTI MobiControl to enter administrator mode on the Android agent. Once used, MobiControl automatically regenerates the device-specific administrator password, ensuring security and ease of use. This enhancement provides a secure and efficient way to allow administrative access on devices, improving overall device management and control.
Execute Scripts for Inactive Devices
Administrators can execute legacy scripts when a device is inactive via the Device Inactivity payload. This allows administrative scripts to be executed only when the device is idle and avoids mobile worker disruption.
Restrict Android MAC Randomization in Wi-Fi Profiles
Administrators can now disable Media Access Control (MAC) address from being randomized for a specific Wi-Fi Service Set Identifier (SSID) via the Wi-Fi payload in profiles. This allows devices to retain a static MAC address which a Network administrator can use to allow access to corporate Wi-Fi networks.
Import & Export Managed App Configurations for Android Apps
When configuring your Managed App settings, simply fill in the required fields and export the configuration. This allows you to easily apply the Managed App configuration to another App Policy targeting the same app.
Android Device Authentication per Shared Device User Session
Administrators can now enforce a unique 4 to 16-digit Android OS Personal Identification Number (PIN) requirement for their shared device users, ensuring devices are secured before completing the login process., This action maintains IT security policies while protecting the mobile worker’s data with a personalized PIN.
Enhanced Scripting Console for JavaScript Scripting
Administrators can now view suggestions for new namespaces and functions as they type their JavaScript script just as they would in an IDE (integrated developer environment). In addition, errors will be highlighted allowing the user to troubleshoot their scripts.
SOTI MobiControl Companion*
Administrators can now use the SOTI MobiControl Companion, an enterprise app that supports devices enrolled through Google's Android Management API (AMAPI) to provide a range of features that extend beyond the native AMAPI capabilities. These include Remote View, File Sync policy, Out of Contact management, and many more.
This is applicable only for Android devices enrolled as Android Enterprise Work Profile and Corporate Personal via AMAPI.
*Note: SOTI MobiControl Companion requires SOTI MobiControl Server 2025.0.0 or later. SOTI MobiControl Companion will be released on the Google Play Store soon.iOS
Feature Control Profile Redesigned
Quickly search and navigate to over 90 Feature Control settings available in the profile.
5G Network Slicing
Assign specific network slices to managed apps on a carrier's 5G Standalone (SA) network. This ensures that all traffic for a designated managed app are routed to the slice identified by a specified Data Network Name (DNN) or App Category, which can be obtained from your carrier provider. Additionally, you can now enforce your iOS device to use mobile data.
Return to Service
Automatically reset the device, erase data, connect to Wi-Fi, and enroll in SOTI MobiControl.
Schedule App Policy Updates by Time and Day
As part of the App Policy, select the day and time for app updates to occur.
Advanced Configurations - Accessibility Settings
As part of Apple Advanced Configurations, administrators can now configure accessibility settings for their iOS devices.
iPadOS
User Targeting for Shared iPad
Restrict access to Shared iPad for Business devices to authenticated users only.
Advanced Configurations - Accessibility Settings
As part of Apple Advanced Configurations, administrators can now configure accessibility settings for their iPadOS devices. In addition to device assignment, you can assign this configuration to Shared iPad users as well.
macOS
Local User Account Setup During Automatic Device Enrollment
Create a managed administrator user account to enable zero-touch deployment for improved security and access to system settings and data.
Support for IKEv2
IKEv2 provides more efficient, advanced encryption and enhanced security protocols to establish a secure, encrypted VPN connection.
Platform Single Sign-On
End-users can sign in at the macOS login window, which will automatically authenticate them with the corporate Identity Provider and sign the user into apps and websites.
tvOS
Application Management
Automatically deploy and manage App Store applications with VPP support and Enterprise Applications for tvOS devices.
Windows Modern
App Policy Improvements – Microsoft Store & EXE Integration
You can now deploy Microsoft Store and .exe apps through the Windows Modern app policy. The improved user interface ensures a seamless and efficient app deployment experience.
App Catalog Support
New app catalog has been introduced, allowing users to view and install suggested apps while distinguishing between mandatory and optional ones. Administrators can now manage app visibility to ensure compliance and security.
Application Listing Improvements
Administrators can now remove apps from the app listing, block non-administrator users from installing apps, and view a complete list of installed applications. The app status system has been enhanced with a new "Failed" status for Windows Modern devices.
Lockdown Preview
Administrators can now preview configured Lockdown device screens directly from the web console, allowing for verification and accuracy checks before deployment.
Search for Health Attestation Attributes
Health attestation attributes are now available as search parameters in SOTI Search, allowing for more precise filtering and management of device security and compliance.
Real-time Logged-in User Visibility for Windows Modern Devices
Administrators can now view current logged-in user details on Windows Modern devices in real time on SOTI MobiControl web console, improving security and operational efficiency.
Local User Management for Windows Devices
Administrators can now create local users, define group memberships (Standard or Administrator), manage passwords and delete accounts on Windows Modern devices through the SOTI MobiControl web console, streamlining security and user management.
Enhanced Single App Kiosk Mode for Windows Devices
Administrators can now configure Microsoft Single-App Kiosk Mode with an improved UI, the ability to select from available applications, support for Microsoft Edge in digital signage, enhancing productivity and simplifying kiosk setup.
Microsoft Edge Browser Management for Windows Devices
Administrators can now control Microsoft Edge browser settings on managed devices via SOTI MobiControl, including password manager, allow/block lists, incognito mode, and homepage settings, enhancing security and governance.
Optimized Device Re-enrollment Process
After a Windows Modern device is re-imaged or reset, SOTI MobiControl checks device identifiers based on settings defined in Global Settings. If the criteria are met, a new device entry is not created, preventing duplicates and conserving licenses.
Device Reboot Management
Administrators can now manage and schedule device reboots, ensuring that security policies and configuration changes take effect promptly. This enhances device functionality and reduces the need for manual intervention.
Enhanced Defender Antivirus Management
Administrators now have a dedicated payload for Defender Antivirus, providing improved visibility and granular control over configurations. This update reduces security risks, ensures compliance, and streamlines antivirus management.
SOTI Surf
SOTI Surf for Windows
Administrators can now deploy SOTI Surf on Windows devices, providing a customized, secure and tailored browser experience on Windows Modern devices (versions 10 and 11) via a Windows SOTI MobiControl profile.
SOTI Surf Integration with SOTI XSight
Administrators can now enable a toggle from the SOTI MobiControl web console for Android Classic and Enterprise to collect browsing data, including web visits and errors. The collected data is accessible in SOTI XSight dashboards.
SOTI Hub
Access Content Library via SOTI Hub
SOTI Hub can now be used to access the files that are hosted in MobiControl’s Content Library. Content Library serves as a simple and convenient document repository for both on-premises and cloud customers for Android and iOS devices. By being built-in to MobiControl, administrators don’t have to worry about the complexities large scale document systems like Microsoft SharePoint, which is ideal when they have relatively few documents that need to be made available to MobiControl managed mobile devices.
Deprecations
Deprecation of Zebra Printers from SOTI MobiControl
Starting with SOTI MobiControl 2025.0.0, management and support for Zebra printers will be transitioned from SOTI MobiControl to SOTI Connect. For more details about this transition, please refer to the article here.
Deprecation of Windows Phone, Windows HoloLens
Starting with SOTI MobiControl 2025.0.0, the option to enroll Windows Phone and Windows HoloLens devices has been removed.
Deprecation of Windows Modern Enterprise App Deployment
Starting with SOTI MobiControl 2025.0.0, we are ending support for the enterprise app option within the Windows Modern app policy. Users will no longer be able to upload XAP file formats and cannot see or setup Enterprise app configurations under Global Settings.
Deprecation of Alert Rules
Starting with SOTI MobiControl 2025.0.0, Alert rules are deprecated. Upon upgrade from an earlier release version to 2025.0 pre-existing Alert Rules will be automatically converted to Signal Policies. After the upgrade, Administrators will receive an in-product notification with details of the conversion. Successfully converted policies appear in the Signal policies section. It is important to note that the converted policies will be initially disabled. Administrators must review and enable these policies for them to take effect.
Migration of Content Library
The administrative interface of Content Library, MobiControl’s built-in document repository, has been migrated from the web console’s legacy user interface to the modern interface. The configuration of document distribution to devices, which used to be performed via Content Library Policies, is now performed via the SOTI Hub profile payload. Device users who previously access the Content Library documents via the MobiControl Agent will now do so via the SOTI Hub app on Android and iOS devices.
Resolved Issues
MCMR-34255
SOTI Surf catalog not loading with Wi-Fi toggle enabled, and disconnected from network
MCMR-34262
Incorrect SIM card status logs in device and deployment server logs
MCMR-34534
Device group selection for similar names during assignment
MCMR-34859
Content Security Policy (CSP) not implemented, exposing to vulnerabilities
MCMR-34861
Cookie not marked as secure and transmitted over https
MCMR-35061
Devices not retrieving packages/files after Xtreme Hub relocation to another group
MCMR-35200
Inconsistency in Managed App Config for enterprise apps Wireguard, and tunnel configurations for JYSK
MCMR-35208
Web console resets when the word "API" is searched in profile granular permissions
MCMR-35202
MCMR-35348Unable to build Windows CE/ Mobile agent in SOTI MobiControl 2024.0.0
MCMR-35476
Data type value is not displayed in the log maintenance screen after upgrade from 15.6.5 to 2024.0.1
MCMR-35516
User able to make JSON changes and exit the Lockdown in Linux
MCMR-35562
Re-installation of an older version of an application, when a macOS device has a newer version
MCMR-35604
Unable to drag device folders into other folders with a custom port configured for management service host
MCMR-35666
SOTI Hub crashing on iOS devices
MCMR-35757
Users not having Delete but Manage Groups permissions able to delete devices
MCMR-35786
Syslog messages not being sent to the SOTI MobiControl server due to TLS 1.2 incompatibility
MCMR-35891
Hostname appears as an IP address on Linux devices
MCMR-35923
Performance issues on management server, slowness on deployment servers
MCMR-36025
Device location history shows up if only automatic is selected on web console
MCMR-36201
Inability to delete any device groups having zero devices and no profiles assigned
MCMR-36250
SOTI Surf not launching the camera directly, after navigating to an internal URL
MCMR-36293
Wi-Fi MAC address information not displayed on the device details page after a device reboot
MCMR-36440
Certificates are only pushed and not installed on Linux
MCMR-36443
SOTI Surf is incorrectly handling links when more than 10 websites exist per folder and more than 10 folders are present
MCMR-36616
Unable to upload iOS font files larger than 2 MB
MCMR-36791
Sending statistics to SOTI Services is failing on several MobiControl instances
MCMR-36833
Downloaded CSV files are appearing empty
MCMR-37120
Unable to delete File Sync policy having custom post-sync script
MCMR-37159
Action buttons missing in the column view
MCMR-37200
Package V2 API failing to upload a package having 4 or more periods or hyphens in the version
MCMR-37255
Inaccurate Out of Contact report showing connected devices
MCMR-37390
Inaccurate information in device connectivity activity report
MCMR-37440
CSV file showing incorrect or empty Custom Attributes data
APIs
Update Package Version in Profile(s)
- API to bulk update package version in profile(s)
Enrollment Policies
- API to get all enrollment policies
- API to download Enrollment Policies Summary listing
- API to download Enrolled Device Summary listing
- API to email Enrollment Policies Summary listing
- API to email Enrolled Device Summary listing
- API to update an action in selected enrollment policy
- API to return the count of information, warnings and errors
- API to return the list of enrollment policy logs
- API to return the list of enrolled devices using a specific policy
- API to return the list of enrolled devices count and pagination watermark using specific policy
- API to return the list of all enrollment policies for a specific device group
- API to download VPN Server Agent Installer file
Linux Enrollment Policies
- API to delete the Linux enrollment policies
- API to return the Linux enrollment policy details
- API to update the specified Linux enrollment policy
- API to create a new Linux enrollment policy
- API to return the Linux enrollment policy INI config file
- API to email Linux enrollment policy details
- API to return the Linux enrollment policy Agent Installer
Android Enrollment Policies
- API to create new Android enrollment policy
- API to update and existing enrollment policy
- API to delete an existing Android enrollment policy
- API to return the Android enrollment policy details
- API to email enrollment policy details
- API to return the policy enrollment INI config file.
- API to return Android agent APK file
- API to publish or update Android enrollment policy
iOS Enrollment Policies
- API to create a new iOS Enrollment Policy
- API to returns the details of specified iOS enrollment policy.
- API to delete the specified iOS enrollment policy
- API to update the specified iOS enrollment policy
- API to get SVG data for QR code configuration.
- API to email specified iOS enrollment Policy details
- API to updates the specified iOS enrollment policy profile
macOS Enrollment Policies
- API to create a new macOS enrollment policy
- API to update the specified macOS enrollment policy
- API to return the details of specified macOS enrollment policy
- API to delete the specified macOS enrollment policy
- API to update the specific macOS enrollment profile
- API to email specific macOS enrollment policy details
Windows Modern Enrollment Policies
- API to return the Windows Modern enrollment policy details.
- API to create a new Windows Modern enrollment policy
- API to update the specified Windows Modern enrollment policy
- API to delete the Windows Modern enrollment policy
- API to download the Windows Enrollment provisioning package
Windows Local User Management
- API to get the list of all local users on a Windows Modern device
- API to return auto-generated password of a local user created using SOTI MobiControl
Windows Modern Update Management
- API to return pending updates for a list of device IDs
- API to return pending updates for a device group, including subgroups
Windows Modern Logged-in User
- API to return details of a user logged into a Windows Modern device
Windows Classic Enrollment Policies
- API to create new Windows Classic VPN Server enrollment policy
- API to get a Windows Classic VPN Server enrollment policy
- API to update Windows Classic VPN Server enrollment policy
- API to Delete Windows Classic VPN Server enrollment policy
Dynamic Admin Password
- API to decrypt the dynamically created admin password
Samsung Knox E-FOTA Policy
- API to prepare the sign in URL for Samsung Knox E-FOTA
- API to sync registration details between Samsung Knox E-FOTA and SOTI MobiControl
- API to log user out of Samsung Knox E-FOTA from SOTI MobiControl
- API to get the SOTI MobiControl device summary for Samsung Knox E-FOTA
- API to get Samsung Knox E-FOTA license details
- API to sync license information between Samsung Knox E-FOTA and SOTI MobiControl
- API to delete Samsung Knox E-FOTA license
- API to auto upload devices to Samsung Knox E-FOTA
- API to get list of applicable Samsung Knox E-FOTA enrolled devices
- API to get list of assigned devices
- API to download and email the device report for a specific Samsung Knox E-FOTA policy
- API to get the policy schema from Samsung
- API to get the get the count of number of Samsung Knox E-FOTA policies
- API to create, edit, delete and cancel the Samsung Knox E-FOTA policy
- API to retrieve the list of Samsung Knox E-FOTA policy
- API to get the specific Samsung Knox E-FOTA policy details
- API to download and email Samsung Knox E-FOTA policy
- API to get the Samsung Knox E-FOTA policy logs
- API to retrieve the firmware for the Samsung Knox E-FOTA policy
- API to retrieve the firmware version
- API to assign the firmware to the Samsung device
- API to assign the firmware to the device
- API to get the assignment summary
- API to save and receive webhooks notification configuration
Content Library in SOTI Hub
- API to update and retrieve the root folder name and path for Content Library
- API to upload and download files and folders from Content Library
- API to retrieve and delete files and folders from Content Library
- API to update a file to a newer version and make any version as the latest
- API to check for existing files and filenames
- API to add and search categories in Content Library
- API to upload and delete categories in Content Library
- API to move content from one folder to another
- API to update metadata for a file or folder
- API to get the summary of Content Library categories
- API to get file references attached to the profile
-
Release 2024.1 -- Build 1052 -- March 20, 2024
Release Highlights
ChromeOS Support
MobiControl now supports ChromeOS allowing users to effortlessly enroll devices, monitor them alongside devices from other platforms, and perform essential actions such as wiping, enabling, and disabling. Connecting your Google Admin Console with MobiControl significantly streamlines administrative operations for Chrome OS.
Manage Apple TV with MobiControl
MobiControl Administrators can now manage Apple TV devices. They can enroll the Apple TV devices in MobiControl using Automated Device Enrollment (ADE) and can deploy several payloads such as Feature Control, Single App Mode, and Conference Room Display Mode.
iOS Declarative Device Management
Enable the new Declarative Device Management protocol for Apple devices running iOS 16 or later to allow them to be proactive and autonomously report status updates. This protocol significantly reduces network traffic, decreases the latency of device status updates, and empowers the device to maintain compliant states even when offline.
Content Caching on macOS
Make use of this powerful feature to speed up the download of software updates and iCloud data across your macOS devices. MobiControl Administrators can now configure one or more macOS devices to save this data locally, and other devices can download from these selected devices instead of going to the cloud hosted Apple update servers.
Remote Device Locking for Windows Modern
Swiftly respond to security breaches or data leaks by remotely locking devices through the web console. This feature not only enhances data protection and device security but also offers flexibility in unlocking devices either through the web console or by using a unique PIN set by the Administrator. MobiControl ensures a prompt and secure response to potential threats, providing comprehensive control over device access for efficient incident management.
Package Studio in the MobiControl Web Console
Experience seamless package management with Package Studio Support in SOTI MobiControl. Eliminate the disjointed process of using a separate desktop application by enabling the creation, viewing, and editing of packages directly within the web console. This not only enhances IT administrator efficiency but also reduces costs by removing the need for a dedicated Windows machine and streamlining all package management capabilities in one centralized platform.
SOTI Surf Scripting Option
Administrators can now create, save, and send JavaScript to the SOTI Surf browser to change the behaviour of web-applications. These scripts can be saved as templates to automate user actions such as auto login, autofill, and keypress options. The ability to send JavaScript can also be tailored to customize the display of web apps, such as SAP web apps, which don’t render properly in a standard mobile web browser.
Upgrade Considerations
To continue using the Legacy Remote Control Plugin, Customers must uninstall the current version from their local systems and re-install the plugin via the link present in the 2024.1.0 MobiControl Web Console. Remote Control via XSight is not affected.
Customers who make use of the MobiControl APIs will require an additional layer of encoding when including path parameters in their API calls which contain special characters (E.g. !@#$%^&*()+.\?/) due to security enhancements made to MobiControl’s backend.
Customers who are upgrading to 2024.1.0 from a MobiControl instance below 15.2.0 must ensure that in their database properties, the compatibility level is changed to SQL Server 2016 or greater.
New Features and Improvements
System Administration
Improved Visibility of Assignment Options
Users are now able to view profile assignment options from the "Assignment" tab in the profile details dialog box. This will simplify the process users take to view profile assignments and allow them to identify wrong configurations faster and/or compare with other profiles. Three new distinct tabs for installation, profile scheduling and package options are also being introduced when configuring assignment options to improve visibility of all cards.
Device Search Mechanism for Assigning Profiles & Policies
This feature will let administrators search for devices when assigning profiles/ policies to specific devices. Furthermore, the search filter will carry over to multiple device groups so that the query does not have to be retyped.
Maximum Device Action Limits
Users can control how many devices in bulk can be impacted by a single device action. This adds an additional layer of security for users to mitigate the risk of unwanted bulk device actions being sent to many devices. In addition, this feature will allow a configurable setting for each user/group/role that controls how many devices can be actioned by a user in one go.
Concurrent Profile Editing Warning
This feature will provide users with a warning message in the “Edit Profile” window whenever another user is actively editing the same profile. This will help avoid situations where users accidentally over-write changes in a profile.
Enrollment Based on Restriction Criteria
Experience precise control over device enrollment with enhanced criteria-based restrictions. Define enrollment criteria within Android, Apple and Linux enrollment policies tailored to your needs for seamless control over device enrolment.
User Group Device Enrollment Limit
Users can now limit enrollment within a user group for authentication-based enrollment. This restriction ensures that users cannot enroll beyond the defined limit specified in the restriction rules. This feature applies specifically to authentication-based enrollment, serving to curb any unauthorized use of licenses.
Clone App Policy
With this new feature, users can easily replicate existing app policies, streamlining the deployment process and saving valuable time. Clone will create an App policy in draft which can be further modified. This feature enables users to establish a foundational structure and significantly reduces the time required to initiate policy creation, eliminating the need to create the policy from the start.
Interactive High Charts
Visualize your data more effectively with the numerous enhancements and adjustments that have been made to the charts in MobiControl. Charts have become more interactive with incorporate features such as drag-and-drop functionality, 2D and 3D preferences, a magnifier, and legends. The users can now create a filter query with just a click on the chart. Additionally, "Others" drilldown, will enable the users to delve deeper into the data.
Users and Permission Search
This functionality will empower users to efficiently search through extensive datasets within users and permission in users, groups and roles tab using keywords. This streamlined search capability not only saves time but also boosts productivity significantly. Moreover, users can effortlessly establish mappings with users and roles through a simple click, enhancing the overall efficiency of data management.
Improvements to Profile Export and Import
Users may now export and import Apple, Windows, and Linux profiles along the existing support for Android. Profile configurations which contain certificates and passwords are now included and up to 3GB of packages may be selected. Furthermore, export and import requests are now placed in a queue with the requests of other users and are prepared in the background, allowing users to continue using the web console. (Note: Apple tvOS profiles are not supported as of this release)
Copy General Permissions
Administrators can now copy general permissions from one role, user, or group to another with the copy permissions option. This reduces the effort of configuring new roles, users, or groups by allowing administrators to build from the general permissions of existing ones.
Profile Installation Status
With this feature, users can now click on the statuses next to the profile execution status chart. This will open a new tab of the MobiControl web console on the devices page, where you can find the devices with that execution status, thereby streamlining the workflow of troubleshooting problematic profile statuses.
Signal Policy Improvements
Users can now create Signal Policies that support events and properties for Linux, Windows Modern, and Windows Desktop classic devices. Moreover, users can choose additional categories for configuring conditions related to System, User and Group, Profiles, and Policies. Lastly, with the introduction of device side evaluation frequency, users can configure Signal Policies to be more responsive and allow devices to initiate Send Script actions for certain conditions even when devices are offline.
Android
Device Reboot Policy Condition Support
Administrators can now execute scripts after device reboots even when the device is not connected to the MobiControl Server. This avoids mobile worker disruptions by running scripts before the device is in use and ensures operational continuity post device reboot.
Restrict Passwords Attempts for Device Users to Enter Administrator Mode
Administrators can set limits on incorrect attempts to access administrator mode on the device. This enhances security by guarding against brute force attacks, reducing the risk of unauthorized access and data breaches.
JSON Custom Data Support
Administrators can now utilize JSON files for custom data generated by business applications directly within MobiControl. This enables administrators to effortlessly access and display the corresponding values in their web console. This eliminates the need to engage in complex workflows aimed at translating JSON files into INI or XML formats.
VPN IP Details for Android Devices
Users can easily identify devices that are connected to a VPN as they can now view both device and VPN IP addresses (IPv4/IPv6) at the same time on the Web Console. This feature will increase productivity as the employee need not determine VPN details manually for each device.
Zebra LifeGuard OTA: Cancel an already scheduled firmware upgrade
Administrators can now cancel any scheduled firmware upgrade on any compatible Zebra device through the Web Console. This update will increase the OS management efficiency of the organization and reduce the operational costs due to incorrectly scheduled upgrades.
Android Enterprise
Knox Service Plugin: Embedded Premium License Support
For Samsung devices enrolled as Android Enterprise Work Managed, administrators can now deploy premium features through Samsung Knox Service Plugin (KSP) OEMConfig via Profiles through Profiles, without having to enter a Knox Platform for Enterprise (KPE) Premium License. This allows administrators to efficiently configure their Samsung devices without obtaining a KPE Premium License from the Knox Admin Portal.
Speed Control Lockdown Only
Admins can now configure a Speed Control lockdown on Android devices, without requiring configuring a Device Control Lockdown. This will enable administrators to only enforce a Lockdown while their device is in motion and allowing the device to revert to the native Android experience when stationary, providing device users regular access to the device when permitted.
IKEv2 Android Native VPN Support
Configure and deploy IKEv2 Android Native VPN types including IPSec RSA, IPSec PSK and IPSec MSCHAPv2 to Android Enterprise Work Managed devices. This allows administrators to simplify VPN solution management by deploying Android Native VPN policies for the VPN client that is built into the Android operating system which avoids having to install third party VPN client apps.
Work Managed and Corporate Personal Firewall Support
Configure firewalls for Samsung devices deployed in both Android Enterprise Work Managed and Android Enterprise Corporate Personal modes. This allows administrators to either restrict or reroute users when accessing specific IP addresses through cellular network, Wi-Fi, or both.
Corporate Personal Device Factory Reset Support
Administrators can now factory reset their Corporate Personal Devices running Android 11 or above wiping both personal and work profiles of the device. This will reduce the loss of time and productivity for Administrators as the burden of performing a manual factory reset of the device is alleviated.
iOS
QR Code Enrolment
Administrators can now generate and utilize QR codes for iOS Enrollment Policies. This QR code can be downloaded and distributed to enroll your iOS fleets swiftly and smoothly.
Better OS Update Command
Admins can now use the new ‘Download and Install’ option for iOS device software update actions; automatically fetching, downloading, and installing the iOS software update in a single-step.
Default App for Web Clips
Admins can now specify a default application in a Web Clip Profile that will be used to open the Web Clip URL. This improves the experience for the device user as the desired application will be invoked directly instead of the Web Clip invoking the default web browser.
More App Store Regions
Admins can now create App Policies using Apps from 70 new Apple App Store regions. Allowing you to deploy more apps across your fleet globally.
Expanded Support for Google and Security Profiles
Configure and deploy new capabilities to iOS devices through Profiles, with the introduction of Google Accounts, Encrypted DNS, and Certificate Transparency configurations.
Advanced Configurations Improvements
Admins can now set a time zone manually for their devices so that they can configure their devices according to the time zone they want rather than what is set for them by location services. Admins can also now enable or disable Diagnostic Submission for Shared iPad devices so that the privacy of their data can be protected by preventing the device(s) logs from being sent to Apple.
macOS
Managed Apps for macOS Devices
IT administrators can now deploy applications as managed applications from both the 'App Store' and uploaded PKG files, with the real-time status updates on the Web Console. Additionally, the preinstalled unmanaged applications can now be converted into managed ones, from the Application listing under the Device Info screen. Finally, the managed apps will now get uninstalled automatically upon device un-enrollment from MobiControl or upon the App Policy un-assignment, deletion.
Distribution of iOS Apps on macOS Devices
Administrators now have access to a comprehensive listing of iOS Apps compatible with multiple Apple platforms. This update significantly enhances the app search and selection experience within the macOS App Policy, providing greater empowerment for SOTI MobiControl administrators. Moreover, it enables the seamless distribution and installation of iOS Apps, specifically tailored for Apple Silicon-based macOS devices.
Blocking of Apps and Process on macOS Devices
This enhancement provides SOTI MobiControl administrators with precise control over application execution. The update empowers administrators to prevent OS updates by blocking the OS updater process. Additionally, in cases where a process is restricted from execution, the device user will receive informative notifications regarding the blocked applications and processes.
Display execution status and output of scripts sent to macOS devices
This new feature gives SOTI MobiControl Administrators more visibility in the script execution. Administrators can now define whether they want to get the result and output of the scripts sent to devices or not.
Windows Modern
Directory/Federated Enrollment
MobiControl Administrators can now enroll devices with a more secure and precise way with identity providers (IdP) along with Lightweight Directory Access Protocol (LDAP) and Active Directory (AD) protocols. This resolves the ambiguity in the previous Directory enrollment policy which arose when there were multiple enrollment policies which had user groups that contained the same user.
Compliance Policy
IT administrators can effectively monitor and enforce compliance for Windows Modern devices. Easily set and manage compliance criteria based on diverse device and app properties. View non-compliant devices in the web console, receive email notifications, and implement conditional access for applications. This feature ensures seamless alignment with business requirements, enhancing monitoring efficiency and enabling proactive identification and management of compliance issues.
Web Content Filtering
IT administrators can now control website access on Windows Modern devices. Effectively manage allowed and blocked websites, domains, and IP addresses, seamlessly applying restrictions on devices for Chrome, Firefox, and Edge web browsers. Users gain access only to defined web content, reducing security risks and data leakage on unsecured networks. This feature enhances business efficiency, promoting a secure work environment while boosting productivity.
Windows Hello
Enhance device security by enabling IT administrators to effortlessly activate and configure Windows Hello settings through the MobiControl web console. This feature allows users instant access to Windows Modern devices using a secure PIN, facial recognition, or fingerprint, mitigating the risks associated with password reuse and vulnerability to phishing attacks. IT administrators gain control over configuration settings, providing a seamless and efficient login experience while strengthening protection against credential theft.
Windows Sandbox Environment
Empowering IT administrators, this feature enables the effortless activation or deactivation of the Sandbox environment for individual devices or groups via the web console with a single click. It safeguards Windows Modern devices during application testing, streamlining security across extensive device fleets. This capability minimizes malware risks and ensures a secure testing environment.
Linux
Package Script Status and Output
Admins can now see the status of scripts associated with the package sent to devices via packages and request the output of executed scripts from the device by enabling the Capture Script Status and Output toggle while sending a script to the device.
Authentication Payload
This functionality empowers administrators to establish password compliance for users, requiring them to set a password that meets specific criteria, ensuring that passwords used on their Linux devices are robust and serve as a crucial initial defense against security breaches.
SOTI Surf
SOTI Surf SSO through SOTI Identity
SOTI Surf now supports single sign-on authentication via SOTI Identity, enabling users to sign-in once and have access to all their essential webapps. This feature provides a more seamless, efficient, and productive user experience within a more secure user verified workflow.
Configure Desktop Mode and User Agent
Administrators can now configure SOTI Surf to render web content in Desktop mode by default, removing the need for users to toggle the rendering mode themselves.
Additionally, administrators can now customize the User-Agent value that is advertised by SOTI Surf to ensure compatibility with websites which have specific expectations about the web browser being used.
Deprecations
SharePoint 2013
With the recent Microsoft announcement to end support for Microsoft SharePoint 13, SOTI Hub has deprecated support for Microsoft SharePoint 13. SOTI Hub will continue to support Microsoft SharePoint Online.
Resolved Issues
MCMR-33383
SOTI Identity users were unable to view and edit Profile permissions
MCMR-34116
Profiles were stuck on ‘Pending Install’ status on certain Zebra devices
MCMR-31498
Improved performance for phone call profiles with multiple phone numbers
MCMR-32331
Improved overall web console performance
MCMR-34820
Packages were not loading correctly within profiles
MCMR-35354
Logging out of Azure shared device using the device action in the web console did not work
MCMR-33498
Profile assignment failing due to previously configured package installation date not being updated.
APIs
The following REST APIs were introduced in MobiControl 2024.1.0:
Export and Import Profiles Improvements
- Request the export of given profiles and packages
- Download the zip archive of profiles and packages given the export session reference ID
- Retrieve a summary of the packages associated with a given set of profiles
- Cancel an import session given the session reference ID
- Start an import session given the import session ID
- Request the import of a zip archive of profiles and packages
File Sync Policies
- Request the list of all File Sync Policies
- Request to download the CSV of File Sync Policy listing summary
- Request to email File Sync Policies summary listing
- Retrieve the list of logs for the specified File Sync policy
- Get the count of information, warning, and error logs for the specified File Sync policy
- Disable the specified File Sync policy
- Assign the specified File Sync policy to target devices and device groups
- Retrieve assignment information for the specified File Sync policy
- Create a new File Sync policy
- Update the specified File Sync policy
- Retrieve details of the specified File Sync policy
- Delete the specified File Sync policy
- Get the list of Root Folders along with their information
- Retrieve details of the specified folder and its subfolders
- Get the list of all files in the specified location along with their information
- Create a new Folder at the specified location
- Update the name of the specified file or folder
- Upload files to the specified folder
- Download the specified file
- Delete the specified file or folder
Reports
- Retrieve the list of all Schedules for a specified Report
- Retrieve details of the specified Report Schedule
- Create a new Report Schedule
- Update a specified Report Schedule
- Update the specified Report Schedule based on the defined action type
- Delete the specified Report Schedule
- Enqueue a scheduled report
- Retrieve the list of logs for the specified Report Schedule
- Get the count of information, warning, and error logs for the specified Report Schedule
- Retrieve the list of all clear reports
- Import a clear report
- Get parameters for the specified report
- Retrieve the list of all Queued Reports with status
- Enqueue a specified report
- Dequeue the specified Queued Report
- Download the specified Queued Report
- Cancel the specified Queued Report
- Restart the specified Queued Report
Data Collection Policy
- Retrieve the list of all Data Collection Policies
- Download the CSV of Data Collection Policy listing summary
- Email Data Collection policy summary listing
- Retrieve the list of logs for the specified Data Collection policy
- Get the count of information, warning, and error logs for the specified Data Collection policy
- Disable the specified Data Collection policy
- Assign the specified Data Collection policy to target devices and device groups
- Retrieve the assignment information of the specified Data Collection policy
- Create a new Data Collection policy
- Create a new Data Collection policy for Apple devices
- Update the specified Data Collection policy
- Update the details of the specified Apple Data Collection policy
- Retrieve details of the specified Data Collection policy
- Retrieve details of the specified Apple Data Collection policy
- Delete the specified Data Collection policy
Device Relocation Policy
- Retrieve the list of all Device Relocation Policies
- Download the CSV of Device Relocation Policies summary listing
- Email Device Relocation policy summary listing
- Retrieve the list of logs for the specified Device Relocation policy
- Get the count of information, warning, and error logs for the specified Device Relocation policy
- Disable the specified Device Relocation policy
- Assign the specified Device Relocation policy to target device groups
- Retrieve the assignment information of the specified Device Relocation policy
- Create a new Device Relocation policy
- Update the specified Device Relocation policy
- Retrieve details of the specified Device Relocation policy
- Delete the specified Device Relocation policy
Telecom Expense Management Policy
- Retrieve the list of all Telecom Expense Management Policies
- Retrieve details of the specified Telecom Expense Management policy
- Disable the specified Telecom Expense Management policy
- Delete the specified Telecom Expense Management policy
- Create a new Telecom Expense Management policy
- Update the specified Telecom Expense Management policy
- Download the CSV of Telecom Expense Management Policy listing summary
- Email Telecom Expense Management policy summary listing
- Get the count of information, warning, and error logs for the specified Telecom Expense Management policy
- Retrieve the list of logs for the specified Telecom Expense Management policy
- Assign the specified Telecom Expense Management policy to target devices and device groups
- Retrieve the assignment information of the specified Telecom Expense Management policy
- Retrieve the list of all Telecom Plans
- Get details of a specified Telecom Plan
- Create a new Telecom Plan
- Update a specified Telecom Plan
- Delete a specified Telecom Plan
- Retrieve a specified schedule
- Create a new schedule
- Update the specified schedule
- Delete the specified schedule
Email Servers
- Retrieve the list of all the email server logs
- Retrieve the list of all the email server log count
Cloud Link Agent
- Retrieve the List of Cloud Link Agents
- Retrieve the details of the specific Cloud Link Agent
- Creates a Cloud Link Agent.
- Deletes the specific Cloud Link Agent.
- Renews the configurations for a specific Cloud Link Agent
Enterprise Resource Gateway
- Retrieve the List of all Enterprise Resource Gateway
- Retrieve the details of specific Enterprise Resource Gateway
- Deletes the specified Enterprise Resource Gateway
- Downloads the extendible file of Enterprise Resource Gateway Setup File
- Retrieve the Logs for the specific Enterprise Resource Gateway
- Retrieve the count of information, warning, and error logs for the specific Enterprise Resource Gateway
- Retrieve the details of all Exchange Devices in the Enterprise Resource Gateway
- Deletes the specified list of exchange devices from the Enterprise Resource Gateway
- Updates the details for specific Enterprise Resource Gateway
Printer Administrative Server
- Retrieve the List of Printer Administration Servers
- Retrieve the details of the specific Printer Administration Server
- Creates a Printer Administration Server
- Updates the specific Printer Administration Server
- Deletes the specific Printer Administration Server
- Downloads Printer Administration Server client certificate
- Regenerates the client certificate for specific Printer Administration Server
- Fetches the certificate details for specific Printer Administration Server
- Scans the devices connected to the specific Printer Administration Server
- Downloads the Printer Administration Server log file
- Retrieve Management Server Logs for specific Printer Administration Server
- Fetches the count of Logs in specified Printer Administration Server
Servers and Logs
- Retrieve the logs for all Management Servers
- Retrieve the logs for a specific Management Server
- Retrieve the count of information, warning, and error logs for all Management Servers
- Retrieve the status of the specified Management Server
- Retrieve the count of information, warning, and error logs for the Specific Management Servers
- Deletes the specified Management Server
- Retrieve the status of the specified Deployment Server
- Retrieve the logs for all Deployment Servers
- Retrieve the logs for a specific Deployment Server
- Retrieve the count of information, warning, and error logs for all Deployment Servers
- Retrieve the count of information, warning, and error logs for the Specific Deployment Servers
- Deletes the specified Deployment Server
- Generates the Debug report
- Downloads the Requested Trace log
Bulk Action Limits
- Retrieve the Bulk Action Limits for a specified user
- Retrieve the Bulk Action Limits for a specified role
- Retrieve the Bulk Action Limits for a specified user group
- Updates the Bulk Action Limits for a specified user
- Updates the Bulk Action Limits for a specified role
- Updates the Bulk Action Limits for a specified user group
Zebra LifeGuard OTA
- Retrieve the list of devices currently scheduled for firmware upgrade
-
Release 2024.0 -- Build 1075 -- October 3, 2023
Note: SOTI MobiControl 2024.0.0 Build 1075 replaces the previous build (1074) posted on October 3, 2023.
Changes to Version Numbering
Going forward, the versioning of all SOTI products is being changed to provide a more consistent label that better reflects the timing of the release. 2024.0 is the next release after 15.6 for SOTI MobiControl, and all following releases will use this numbering convention.
Release Highlights
This release includes the following new features:
Import and Export Profiles
In SOTI MobiControl, you can now export Android profiles and their configurations from one environment and import them into to another. Administrators can leverage this feature to quickly transfer profiles between multiple environments, reducing the need for repetitive manual copying and eliminating the chance of human error.
Single-Sign On (SSO) for Shared Apps
We’ve added support for Mobile SSO for Android and iOS, Imprivata, and Microsoft Authenticator for single sign-on (SSO) for apps on your managed devices.
Microsoft Entra ID Shared Device Mode
You can now use Microsoft Entra ID Shared Device Mode for signing shared device users in and out of Microsoft apps such as Outlook and Teams, as well as 3rd party apps integrated with the Microsoft Authentication Library (MSAL). You can also configure automatic logouts, retain or clear app-specific data after logout, or set conditional access for Microsoft 365 apps to keep shared app access secure.
Imprivata Mobile Device Access (MDA)
Shared device users can now tap their Imprivata NFC-enabled badges to securely and quickly access their Android Work Managed devices and business-critical mobile applications thanks to SOTI MobiControl’s integration with the Imprivata MDA app. Only applications integrated with the Imprivata MDA SDK will be able to SSO via this method.
SOTI Mobile SSO for Android and iOS
This option is for businesses which aren’t looking to leverage Microsoft’s Shared Device Mode or Imprivata’s MDA but are still looking to improve the security and productivity of their frontline workers with SSO. SOTI Mobile SSO is powered by SOTI Identity, where-in SAML and OIDC capable mobile applications are registered, and users authenticated. After an initial sign-on, subsequent authentication challenges are managed without any further user interaction via certificate-based authentication.
SOTI Search
Our Search function has undergone a complete re-design under the hood with our latest release. It now delivers vastly improved searching and indexing speed as well as overall greater reliability. Moreover, customized property indexing delivers even faster results while optimizing resource use.
New Features and Improvements
Microsoft Integrations
Microsoft Entra ID Enrollment Authentication for iOS, macOS and Android Devices
With this feature, users can now directly authenticate iOS, macOS and Android devices upon enrollment using Entra ID (formerly “Azure AD”) without the need to configure Entra ID as an IdP. This streamlines a previous lengthy and potentially frustrating experience into a quick, simple process.
Microsoft 365 Conditional Access - Shared Mode Registration
In MobiControl 15.5.0, SOTI introduced integration with Microsoft to conditionally grant or deny access to Microsoft 365 apps on iOS and Android devices based on the devices' compliancy statuses. This was originally limited to corporately-owned dedicated and BYOD devices – a one-to-one association between device and user. This new improvement no longer requires user to device association, meaning MobiControl can deem a device compliant or non-compliant without affecting the users. Lastly, registration of the device to Microsoft Entra ID (formerly “Azure AD”) will be automatically triggered, removing the need for repetitive manual authorization.
Microsoft 365 App Protection Policy
Admins can now select the specific apps they want to apply Microsoft 365 App Protection Policy to, instead of having to apply to all apps. This is applicable to Android and iOS devices. We’ve also introduced the Access Restriction tab where users can set app access policies for Microsoft 365 mobile applications on the Android platform, such as requiring a PIN or corporate credentials to access the protected apps.
System Administration
Easily View Device Group Level Profile Assignment
You can now see all the Profiles you’ve assigned to a device group without the need for cross-referencing profiles or devices. This information is accessible in the new Profiles & Policies tab when viewing a Device Group or by selecting Profiles & Policies when right-clicking on a Device Group. Users can filter the assigned profiles and policies by device family and quickly access individual profiles and policies by clicking on the accompanying hyperlink.
Support for External Notifications (Webhooks)
MobiControl can now provide real-time external notifications to third party applications via Webhooks. This opens valuable automation opportunities for customers to instantly update their external systems whenever a specific event or condition in MobiControl occurs. Webhooks are triggered via Signal Policies, where users have a wide range of events and conditions to choose from. Users are also able to craft the payload and choose what parameters about a managed device they would like to receive with the webhook notification.
Signal Policy – Custom Data Support
Administrators can now take advantage of custom data pulled from devices to create conditions for triggering Signal Policies. These conditions are supported for the Managed Device category. This feature allows a myriad of new customized conditions which can be configured accordingly to more business specific use cases.
Signal Policy – Apple Platform Support
Signal Policy users are now able to monitor and trigger Signal Policies for Apple devices. Customers deploying iOS, and macOS devices are now able to create complex and customized conditions for triggering automated actions from a wide range of properties and events found across MobiControl.
License Information
You can now access and update License Information directly via clicking License Information in the hamburger menu. Users can also use public APIs to View and Update License information.
Improved User Experience for Rules, Servers and Reports
In this latest update, we've diligently worked to enhance and streamline the user experience on several fronts. Windows Modern Enrollment, File Sync, Data Collection, and Telecom Expense Management Rules are now accessible as Policies. Reports have been integrated into the new-generation user interface. Administration of Cloud Link Agents, Enterprise Resource Gateway, and Printer Administration Servers is now conveniently accessed via Global Settings. Additionally, we've centralized Management Server and Deployment Server logs under System Health for your convenience.
Limit Device Enrollment Per Policy
You can now set a limit on the number of devices that can be enrolled into MobiControl through an Enrollment Policy, providing more precise control of automated enrollment.
Custom Data and Custom Attributes Usage Details
MobiControl users can now view a list of configurations and device groups that a particular custom data or custom attribute is associated with while making changes to that respective custom data or custom attribute.
System Health – Signal Database and Signal Server Status
The System Overview page in System Health has been updated with information for the Signal Database and Signal Servers status. These improvements allow MobiControl administrators to know at a glance the status of the Signal Database and the status of individual Signal Servers so that actions can be taken immediately to remedy any issues found.
Built-in API Client Manager
With this new feature, users are now able to create and manage their own API clients directly within the MobiControl web console. Users can create and configure API clients by simply accessing the new API Client option under the Services tab in Global Settings. Users will be able to create API clients with a few simple clicks and get access to the client credentials information needed to authorize their application.
Authenticate SOTI Identity Users Without Email
Customers are now able to enroll devices and assign SOTI Identity users to devices in MobiControl via a username. This allows customers to skip the process of creating enterprise email accounts for all their end users. These users may be searched for across MobiControl where user search is supported and the associated email or username of the user is displayed in the User Details section of the Device Information panel.
Additional Search Operators
Users are now able to employ the IN and NOT IN search operators when performing a device search or assigning Profiles and Policies. Users may copy and paste multiple comma-separated values or enter strings and numeric values in combination with an IN or NOT IN operator to specify the list of search results they wish to receive. Device Properties, applicable Extended Properties, Custom Data, and Custom Attributes are supported when using these operators.
Notification Panel Enhancements
Users are now alerted that there are new notifications to be read with a red dot indicator on the Notification bell icon. Unread notifications are now distinguishable from read notifications with a blue dot next to each unread notification. The users can now also mark a notification as Read or Unread and have the option to Mute or Unmute notifications. The notifications can now be filtered to view only Read, Unread, or Muted notifications or a combination of the three according to the user’s preferences.
Support for EJBCA
Users can now use Enterprise Java Beans Certificate Authority (EJBCA) in MobiControl, a trusted entity that stores, signs and issues digital certificates. EJBCA also supports Enrollment over Secure Transport (EST) protocol which is a cryptographic protocol that automates the issuance of certificates for public key infrastructure clients that need client certificates associated to a certificate authority. This new feature allows users to deploy EJBCA certificates for Wi-Fi profiles in MobiControl.
Basic Authentication Support for SCEP
With this new feature, users can now use basic authentication with server-side Simple Certificate Enrollment Protocol (SCEP) for the ADCS certificate authority type. SCEP secures the message exchange for the certificate signing request.
Hide Location and Collected Data Tabs
You can now restrict specified MobiControl users from accessing the Location or Collected Data tabs in the Per Device view across your entire device fleet.
Android
Device Inactivity Profile
With this feature, customers can now automate actions to be performed on their Android devices after a set period of inactivity. You have the options to have the device play media or wipe app data after the device has been inactive for the specified period. This feature is only available to Android devices on MobiControl agent 15.4.0 or above.
Zebra LifeGuard OTA Enhancements
With this new enhancement, you can now view the user account currently logged in, reset the user account to log in with another user, and schedule OTA firmware updates to all the devices enrolled in MobiControl. These additional tools will help administrators provide quicker, more efficient results.
View Secondary SIM and eSIM Information
Customers can now view all information related to primary and secondary SIM as well as configured eSIM on the MobiControl web console. With more information available where you need it, you’ll have an easier time making more informed decisions. This feature is only available to Android devices on MobiControl agent 15.4.0 or above.
Automatic Logout on Shared Devices
We’ve added a new feature that enables administrators to configure shared devices so that they automatically logout after a set period of time or a set period of inactivity. This prevents applications that potentially contain corporate or personal information from being accessed by unauthorized users, keeping data secure and private.
Manage App Data on Shared Device Logout
You can now specify what data is retained and what data is wiped on user logout of a shared device. This new feature means greater control over retaining important data while still removing unneeded or potentially sensitive data from devices with multiple users.
Android Enterprise
Enrollment QR Code Generator
MobiControl admins are now able to create Android Enterprise enrollment QR codes directly from the web console. Previously, this feature was only available either through our Stage Programmer app or creation through a third-party QR code generator. With this addition, you are now able to create, save, edit and manage Android enrollment QR codes directly from the Enrollment Policy menu.
Agentless Enrollment Support for Corporate Personal
Agentless enrollment support is now extended to Corporate Personal devices. Admins can now enroll their Corporate Personal Devices via AMAPI, a cloud-based native solution provided by Google that uses new APIs where agent work is handled by Google.
Lockdown Screen Preview
With this enhancement, we’ve added support for a preview section in Lockdown, where admins can see a demonstration of the lockdown screen after selecting the necessary manufacturer and model along with the selected template before assigning it to the device. This makes it easier to ensure the template you’ve chosen is the right one for your device lockdown screen.
OEMConfig via Profiles
In the past, admins that wanted to utilize the power of OEMConfigs on their Android devices needed to deploy an App Policy, add the specific OEM application and then edit the Managed App Config for that application. With this new feature, we have enabled admins to configure OEMConfigs straight through profile configurations for Android Work Managed for the following OEM’s into the 2024.0.0 release: Samsung, Zebra, Honeywell, Panasonic and Datalogic. Admins will simply need to push a profile containing the appropriate OEMConfig payload without having to go through the process to configuring the Managed App Config for the OEM application in App Policies.
Whitelist Apps in Application Run Control
For all Android Enterprise profiles (Work Managed, Work Profile and Corporate Personal), we have enabled the ability for admins to select between configuring a list of blacklisted applications or whitelisted Applications for the Application Run Control configuration. This will ensure that instead of admins having to set a large list of applications to block based on their company's security and compliance policies, they can simply list out the select applications to allow on the device using Android Enterprise profiles, thus blocking user access to all other applications. By using this feature, admins can prevent any confidential information being shared unwillingly with third-party apps.
Phone Call Policy
For Android Classic devices, admins have been able to configure Phone Call policies to set restrictions on incoming and outgoing calls. However, to accomplish this same behaviour on Android Work Managed devices, admins needed to use custom scripts to accomplish the same behaviour. With this enhancement, we have added Phone Calls configuration support within Android Work Managed profiles to configure their organizational policies regarding incoming and outgoing calls on their Work Managed device. Deploying this configuration can increase the productivity of a device user by restricting unauthorized phone calls based on the business' needs.
IKEv1 Android Native VPN Support
MobiControl admins that enroll Android Enterprise devices have access to Android native VPNs that can be configured to secure their network traffic on their devices. In the past, admins had to create custom scripts to configure these native VPNs that were prone to configuration errors. With this enhancement, we’ve added the ability to configure four new VPN types in Android Work Managed profiles: IPSec XAuth RSA, IPSec XAuth Hybrid RSA, L2TP and PPTP. Configuring these native VPNs is easily discoverable through profiles and provides admins an error-free experience.
Profile Scheduling
In the past, when an admin wanted specific profiles or configurations to be active on their Android device for particular days of a given week and inactive for the remainder of the week, they needed to manually apply and revoke those profiles from their Android devices. With the addition of Profile Scheduling on Android, the admin can set a profile to be activated and deactivated from their devices based on a reoccurring weekly schedule that is configured at the time of assignment. This new feature can satisfy use cases such as activating a device lockdown exclusively during work hours, Mondays to Fridays from 9am to 5pm, and removing the lockdown while outside of work hours. In addition to that, admins can set different profiles to be active on different days of the week based on the business needs.
iOS
Shared iPad for Business
With Shared iPad for Business, multiple users can share an iPad by having their corresponding app data, files, policies, or mail accounts automatically loaded to the device when they sign in. Each user will have a separate storage partition on the device. Admins will have the ability to remotely delete or log out users. They will also be able to disable temporary sessions, so that only users with Managed Apple IDs can access the Shared iPad resources.
Modernizing Payloads
We’ve added support for various configurations, such as Kerberos ESSO Payload, Cellular Payload, IKEv2 VPN Payload, Lock Screen Message Payload, Per-App DNS Proxy, and Per-App Content Filter, so admins can leverage the fixes and benefits provided by these additional settings. This expanded range of configurations empowers admins to enhance the functionality and security of their systems, ensuring a more comprehensive and tailored experience for their users.
macOS
Task Scheduler
Admins can now schedule script execution on macOS devices, eliminating the need for manual intervention and ensuring consistent and reliable task execution. This empowers admins to automate the execution of scripts and, along with the Custom Data feature, you can target devices more efficiently. This feature is only available to macOS devices on MobiControl agent 2024.0.0 or above.
Custom Data
The new Custom Data feature provides you a valuable resource for better identification and targeting of macOS devices by allowing you to define your own searchable custom data sets. Defined custom data for macOS devices can be accessed in the MobiControl web console under Device Listing, Search, as well as under the Assign dialog. This targeted approach allows for more efficient allocation of resources, quicker troubleshooting, and seamless execution of device management tasks. This feature is only available to macOS devices on MobiControl agent 2024.0.0 or above.
Activation Lock Management
Admins can now bypass Activation Lock for enrolled macOS devices from within MobiControl via device action or manually on the device. This enables the swift transfer of devices to users and reduces device downtime. For security purposes, the Activation Lock Bypass Code for each device is stored in encrypted format and can only be viewed on the MobiControl web console by authorized individuals once they have the required permissions.
Recovery Lock Management
This new feature adds the capability of setting and resetting the Recovery Lock password from the MobiControl web console. This capability empowers organizations with an additional layer of protection by controlling the Recovery Lock password centrally and ensuring that only authorized individuals can access and make modifications to the device recovery.
Manage Disconnect Settings for Agent
You can now prevent device users from disconnecting from the MobiControl agent via the Disconnect button and potentially disrupting critical business operations. Admins can choose whether the Disconnect button is visible to users of the macOS MobiControl Agent from the MobiControl web console.
Restrict Changes to Login and Background Items
Login Items and Background Items are new features introduced in macOS Ventura. They provide users with the capability to manage and control which applications and processes run during the device startup and in the background. Device users may intentionally or unintentionally prevent critical applications and processes, including the MobiControl Agent, from running on their devices. With this release of the agent, admins can selectively disable the ability to change Login and Background Items and ensure the integrity and availability of critical applications and processes.
Erase All Content and Settings
With the introduction of Erase All Content and Settings (EACS) support for macOS devices, admins can securely and efficiently wipe all data and settings from macOS devices when necessary, using the legacy WIPE device action enhanced to support EACS. With just a few clicks, devices can be returned to their original factory state, ensuring data privacy and security. This capability streamlines the device reset process, saving time and effort for admins.
Software Updates Card UI Revamp
With the revamped UI of the Software Updates Card for macOS devices, admins can view their information in a more an intuitive way. The new interface offers a streamlined way review available updates, providing greater clarity on the updates and making it easier to make informed choices.
File Sync Policies are now supported for macOS
File Sync policies created for the Apple platform can now be assigned to macOS devices. With the new macOS support, administrators can now choose scripts to use (applicable for macOS only) while configuring file sync policies for Apple device family.
Linux
Linux Remote Lock
Administrators can now remotely lock and secure their Linux-based devices. This new feature renders the Linux device inaccessible to unauthorized users and serves as a valuable anti-theft measure. Access control mechanisms ensure that only authorized users or administrators can trigger the remote lock, enhancing the security of Linux devices and protecting your sensitive data. This is available in CentOS 8 and Ubuntu.
Windows
Windows Modern Enrollment Policy
We’ve migrated the Windows Modern Add Device rule to Enrollment Policy in MobiControl to support all the enrollment options available in the new front-end user interface of the Windows Modern device enrollment workflow.
Support Microsoft Entra Join Enrollment for MobiControl Cloud Customers
We’ve added a new enrollment type for our MobiControl Cloud customers to enroll their Windows Modern devices via Microsoft Entra Join (formerly “Azure AD Join”) Cloud Enrollment. This enrollment type was already available for on-premises instances but now it is also available for cloud instances. Entra ID Join is one of the methods for enrolling a Windows device into MobiControl – when the user signs into the device using Entra ID credentials, the device automatically enrolls into the MDM. We have implemented and published the MobiControl application in Entra ID cloud infrastructure which acts as trusted broker to facilitate Entra ID Join for MobiControl cloud customers.
XtremeHub Support for Windows Modern
In the past, when transferring large forms of business-critical content across a fleet of Windows Modern devices, this would cause a performance load on the MobiControl deployment server, resulting in the delayed distribution of files when the server is responsible for multiple tasks. With this enhancement, we are adding support for Windows Modern devices to be configured to receive content through XtremeHub enabled devices rather than the deployment server. Until now, only Android and Windows Classic devices could use the power of XtremeHub in association with content distribution.
Expanded Support for Multi-App Kiosk Mode
The Multi-App Kiosk Mode payload, previously known as Assigned Access: Configurations, is a great way to restrict a Windows Modern device users' access to a set of pre-defined applications, specified by the admin at the time of assignment. With this enhancement, we have added support for multiple users and user groups to be assigned to a single Multi-App Kiosk Mode payload, without the need to create duplicate payloads for multiple user accounts. Users that are part of local groups, AD groups, and Azure AD groups can be configured to be restricted to a Multi-App Kiosk Mode when they log in. Also, we have added support for the admin to specify a particular application to auto-launch once the device is logged into, further securing the device from unwanted access.
Firewall for Windows Modern
Previously, for admins to configure the Windows Defender Firewall for their MobiControl enrolled Windows Modern devices, they were forced to apply configurations through Group Policy or configure the firewall directly on the device. With this enhancement, we have provided the ability for admins to configure Firewall Settings and Firewall Rules payloads to set up their Windows Defender Firewall settings on their Windows Modern devices based on their business requirements to prevent unauthorized connections to their enterprise network.
Transition to Microsoft Edge and Application Auto-launch Support for Lockdown
Till now, the Lockdown payload on Windows Modern devices relied on an out-dated rendering engine based on Internet Explorer, meaning that many webpages and applications were not natively supported as they became incompatible with Internet Explorer. With this enhancement, we have updated the Lockdown payload to adopt a Microsoft Edge rendering engine, fit for any modern application and use case. Additionally, we have added support for home screen items to be selected to auto-launch when the device logs in. Combining this with the ability to set login options to auto login, this creates a seamless experience for any kiosk application of Lockdown to fully secure a Windows Modern device.
Configure Password Complexity for Windows Modern Devices
Password Complexity enables customers to configure complex passwords that are strong and difficult to breach. Previously, customers could not set criteria for complex passwords in the authentication payload or choose similar passwords for work and personal accounts, making their company devices more susceptible to phishing attacks and security breach. The Password Complexity feature prevents any unauthorized attempts to the customers device by utilizing the key capabilities of this feature.
BitLocker Keys
Administrators can now conveniently access BitLocker recovery keys through the MobiControl web console. This enables them to quickly provide the recovery key to the authorized device user in the event it is required by BitLocker.
Task Scheduler
Admins can now schedule script execution on Windows Modern devices, eliminating the need for manual intervention and ensuring consistent and reliable task execution. This empowers admins to automate the execution of scripts and, along with the Custom Data feature, you can target devices more efficiently. This feature is only available to Windows Modern devices on MobiControl agent 2024.0.0 or above.
Out of Contact Scripting
Admins can now configure automated script execution on Windows Modern devices when the device is out of contact for a specified period, eliminating the need of manual execution of scripts, ensuring consistent and reliable task execution when the device is out of contact. This empowers IT administrators to automate the execution of scripts. This feature is only available to Windows Modern devices on MobiControl agent 2024.0.0 or above.
Block USB and Serial Ports on Windows Modern Devices
You can now block USB and serial ports on Windows Modern devices, minimizing risk of data leakage and unauthorized access of devices. Admins can configure feature control profiles to specify the USB and serial ports to deny access to. This feature is only available to Windows Modern devices on MobiControl agent 2024.0.0 or above.
PowerShell Script Status and Output
Admins can now see the status of PowerShell scripts sent to devices via Send Script action and request the output of executed scripts from the device. By enabling the Capture Script Status and Output toggle while sending a script to the device, admins can take full advantage of this new feature. This feature is only available to Windows Modern devices on MobiControl agent 2024.0.0 or above.
Windows CE 8.0 Support
We’ve added support for devices with the Windows CE 8.0 OS to MobiControl, expanding the available options for supported operating systems.
Zebra Printers
Macros in Wi-Fi Authentication Settings for Printers
While configuring the Security settings for Zebra Printer Wi-Fi configurations, the username field in the authentication section had to be hardcoded. This led to IT admins wasting a lot of time and effort to update the username for every printer. Users can now use macros for the username field, where the username can be set to the printer’s Device Name or the Device Serial number dynamically.
SOTI Surf
Multiple Tabs in Kiosk Mode
We’ve added the ability to add multiple tabs in Kiosk Mode to access other URLs. Admins can configure this feature from the web console.
Open Same Tab for Same URL
Admins can now configure links to reopen the same previously open tabs. With this toggle on, device users can navigate back to a previously opened tab and resume their work by clicking on the same link. If the tab is already open, no new tab is opened after clicking the link.
Automatic Authentication for Website Certificates
You can now to specify a list of URL patterns that Surf can use to automatically select client certificates, reducing manual effort for your admins.
SOTI Settings Manager
Configure Mobile Data Access Points
Admins can now configure whether device users can access device settings, and enable or prevent those users from managing their APNs.
Manage Device Security
Admins can enable users to manage their own device security, including the ability to change their device PINs or password from Settings Manager.
Manual Sync with SNTP Server
User can now sync their device's date and time with the data from SNTP servers if the device does not sync automatically.
Toggle for Flashlight
You can now toggle the permission to enable users to use their device’s flashlight.
Customise Access to Sections
You can now configure what sections of Settings Manager device users can access. You can even specify a section outside of the main screen as the default landing screen.
Deprecations
Microsoft Products
In MobiControl version 2024.0.0 and above, we will no longer support the following OS versions. These versions will be deprecated as Microsoft has already ended the support for them and they have reached the end of their lifecycle:
- Windows Mobile 2003
- PPC 3.0
- PPC 4.20
- PPC 4.21
- CE 3.0
- CE 4.1
- CE 4.2
- Windows 2000
- Windows Server 2003, Windows Server 2008
- Windows XP, Vista
Server Action Scripts in File Sync Rules
In MobiControl version 2024.0.0 and above, we will be deprecating the ability to use server action scripts within File Sync rules. If you are currently using server action scripts in your File Sync rules in MobiControl versions prior to 2024.0.0, you will be impacted by this change upon upgrading to MobiControl 2024.0.0 or above. Actions that were previously executed by server action scripts must be migrated to a different method within your existing File Sync rules. Refer to this SOTI Pulse article for more details.
Samsung E-FOTA in Global Settings
In MobiControl version 2024.0.0, we will be deprecating the ability to use Samsung E-FOTA and its related functionalities as it was deprecated by Samsung in July 2022. It has been replaced by Samsung Knox E-FOTA One and will eventually be integrated in MobiControl. Customers can use Samsung Knox E-FOTA to manage firmware on MobiControl enrolled devices on the Samsung Knox Admin Portal until it is available in the MobiControl web console as a single pane-of-glass approach.
Self-Service Portal in MobiControl
In MobiControl version 2024.0.0 and above, we have deprecated the ability to access the Self-Service Portal (SSP) via MobiControl. If you are currently using SOTI XSight, you can continue to use SSP through XSight by entering your domain URL in the browser followed by ‘/ssp’ (https://server.domain.tld/ssp, where server.domain is your SOTI server domain). If you do not have SOTI XSight installed, SSP will be unavailable.
APIs
The following new REST APIs are included in this release:
- Android
- Fetch android application icon from Google Content library
- Zebra LifeGuard OTA
- Reset the currently logged in OTA account with new account
- Directories
- Return a list of configured LDAP directories and Microsoft Entra ID directories (formerly “Azure AD”) directories using only custom Azure applications. Additionally, Azure application type parameter can be used to return the Entra ID directories with default Azure applications.
- Return a list of configured Entra ID directories using only custom Azure applications. Additionally, Azure application type parameter can be used to return the Azure directories with default Azure applications.
- License Information
- Fetch license information
- Update license information using registration
- Update license information using offline activation
- Webhooks
- Create a new Webhook in MobiControl
- Get all the Webhooks in MobiControl
- Get Webhook Details in MobiControl based on the Reference ID
- Delete Webhook in MobiControl based on the Reference ID
- Update Webhook Details in MobiControl based on the Reference ID
- Update Webhook Status in MobiControl based on the Reference ID
- Test a Webhook in MobiControl
- Create a new Basic Webhook Credential in MobiControl
- Create a new ApiKey Webhook Credential in MobiControl
- Create a new None Webhook Credential in MobiControl
- Get Webhook Credential Details in MobiControl based on the Reference ID
- Delete Webhook Credential in MobiControl based on the Reference ID
- Update Basic Webhook Credential Details in MobiControl based on the Reference ID
- Update ApiKey Webhook Credential Details in MobiControl based on the Reference ID
- Update None Webhook Credential Details in MobiControl based on the Reference ID
- Device Group Profiles and Policies Cards
- Get Profile Digest info for a device group
- Retrieve details for all application policies assigned to a device group
- Return the list of all Device Relocation Policies for a specified device group
- Return the list of all Data Collection Policies for a specified device group
- Return the list of all Telecom Expense Policies for a specified device group
- Return the list of all Enrollment Policies for a specified device group
- Exporting and Importing Profiles
- Export given profiles and password in a zip file
- Import given profiles by getting a zip file and a password
Resolved Issues
MCMR-28017 AnyConnect VPN didn’t reconnect to devices after renewing certificates in the web console MCMR-29849 File Sync was generating .TMP file access errors MCMR-30918 iOS shared device mode login and logout would timeout and fail to complete MCMR-31021 The path to the MCDeplSvc.exe service was unquoted in the registry MCMR-31280 Profile assignment was not working correctly when adding or removing filter criteria MCMR-31280 Profile assignment was not working correctly when adding or removing filter criteria MCMR-31726 Custom data granular permissions were assigned incorrectly while editing a custom data MCMR-31732 Information in the iOS Device Information report CSV file was not aligned properly MCMR-31749 Some iOS devices unenrolled after upgrading from 14.58 (build 1073) to 15.5.1 (build 1010) MCMR-32591 Profile assignment sections with large numbers of device groups had loading performance issues for existing assignments MCMR-32857 Access right permissions could be removed from the Administrators group MCMR-33287 Scheduled reports and alert events had incorrect SMTP email prioritization MCMR-33446 The Notes section under device group advanced configurations would cause the web console to slow or freeze MCMR-33534 Compliance status in CISCO ISE did not match compliance status in MobiControl -
Release 15.6 -- Build 1018 -- September 19, 2022
- 15.6.1 Build 1048 on December 6, 2022
- 15.6.2 Build 1015 on March 13, 2023
- 15.6.3 Build 1018 on April 3, 2023
- 15.6.4 Build 1006 on June 26, 2023
- 15.6.5 Build 1018 on August 24, 2023
- 15.6.6 Build 1010 on November 28, 2023
Upgrade Considerations
- In SOTI MobiControl version 15.5.0 onwards, “GetDeviceGroupConfiguration” and “ApplyDeviceGroupConfiguration” APIs will require “Configure Devices/Device Groups” permission. This permission is automatically assigned to SOTI MobiControl Administrators, SOTI MobiControl Technicians and SOTI MobiControl Viewers roles. Custom roles must have the “Configure Devices/Device Groups” permission granted manually.
- If you are using an older version of the Cloud Link Agent (CLA) (e.g.,1.x, 2.x ,3.x or 4.0), you must upgrade to CLA 4.1. Before upgrading, you must uninstall the older version of CLA. If CLA 4.1 is not set up with SOTI MobiControl 15.6.0, any operation or functionality related to LDAP and AD CS will not work.
- If you are installing or upgrading to SOTI MobiControl 15.6.0 and above, .NET Runtime 6.0 and ASP.NET Core Runtime 6.0 must be installed with all critical updates on the host server before you proceed with running the SOTI MobiControl installer.
- If you are installing or upgrading to SOTI MobiControl 15.6.0 and above, port 13131 needs to be open for outbound communication on the Management and Deployment Servers for communication with the SOTI MobiControl Signal Service.
- As of the August 2022 update to SOTI Identity, improvements were made to streamline user role management across all SOTI ONE products. These changes only impact MobiControl versions 15.6.0 and greater.
On upgrading from a version of MobiControl less than 15.6.0 to version 15.6.0 or higher the following impacts will be observed:
- Functions to add, modify and remove roles are no longer accessible within the SOTI Identity console.
- SOTI Identity roles that appeared in MobiControl as SOTI Identity user groups will be removed as part of the upgrade.
- SOTI Identity users and groups that were mapped with SOTI Identity roles will be listed directly in MobiControl with the same permissions that those users and groups previously inherited from SOTI Identity roles.
- Windows CE/Mobile devices that reset to their default factory settings may be unable to reconnect to SOTI MobiControl 15.5.0 or later due to device date and deployment server binding certificate date being out of sync. Before you upgrade or generate a new certificate binding, you may need to set up a Network Time Protocol/Simple Time Network Protocol (NTP/SNTP) server. Having the SOTI MobiControl agent or device contact an NTP/SNTP server before connecting to SOTI MobiControl allows devices to retrieve the current date and time. Impacted devices can then connect to SOTI MobiControl successfully once they reset to the factory default date and time.
For more information, see this article on SOTI Pulse.
Release Highlights
This release includes the following new features:
- Indoor Location Service
- Signal Policy
- Notification Panel
- Microsoft 365 App Protection Policy – iOS and Android
- Simplified Certificate-based Windows Modern Enrollment
Indoor Location Service
Indoor Location is a new premium feature of SOTI MobiControl that provides the real-time location of devices based on Wi-Fi positioning, allowing businesses to track their devices indoors. A device's current location or last known location is available to users with an option to see that device's movement over a 24-hour period. Additionally, by incorporating geofencing and SOTI MobiControl's Signal Policies, Indoor Location service can quickly track down devices indoors and trigger actions and notifications based on devices entering or leaving specific indoor zones. The Indoor Location functionality is available only to SOTI MobiControl customers who have purchased the SOTI Premium Plus or Enterprise Plus Service.
Signal Policy
Signal is a new policy type in SOTI MobiControl that allows the administrator to create customized conditions for triggering automated actions. Signal Policies are platform agnostic, meaning creating a policy per device platform is unnecessary. Signal can leverage information across Indoor Location and SOTI MobiControl for building conditions that best fit your business needs.
Notification Panel
The Notification Panel can display alert messages that a Signal Policy triggers, as well as Announcements, enabling SOTI MobiControl administrators to quickly view critical information about the state of their system or device fleet.
Microsoft 365 App Protection Policy – iOS and Android
In SOTI MobiControl, you can now create Microsoft App Protection Policies for Microsoft 365 apps on Android and iOS devices, ensuring corporate data is protected and contained within the apps. This policy provides granular access controls to protect the corporate data in the apps, such as copying data to the clipboard.
Simplified Certificate-based Windows Modern Enrollment
Certificate-based bulk enrollment of Windows Modern devices is now streamlined in 15.6.0. You can now directly download a Windows provisioning package from the enrollment rule, distribute it to the target devices and enroll in SOTI MobiControl. Here, we provide the ability to download a PPKG (Provisioning Package) file from the SOTI MobiControl web console instead of creating it using a Microsoft tool (Windows Configuration Designer).
New Features and Improvements
Administrative Console
iOS and macOS Enrollment Policies Migration
Apple Add Device Rules are now split into iOS and macOS Enrollment Policies. The creation and management of these policies is migrated to the next-generation user interface for a better user experience and overall consistency. The new design provides a view of all iOS and macOS Enrollment Policies in a list, along with a detailed view of each policy.
Note: The Apple Enrollment URLs have changed in this version of SOTI MobiControl. If you are upgrading SOTI MobiControl to this version, the Enrollment URLs of the Enrollment Policies created before upgrading to this version of SOTI MobiControl will no longer work. After the upgrade, new URLs for the existing Enrollment Policies will be regenerated automatically and should be used for device enrollment moving forward.
Linux Enrollment Policies Migration
Linux Enrollment Policies (formerly called Add Device Rules) creation and management is migrated to the next-generation user interface for a better user experience and overall consistency. The new design provides a view of all Linux Enrollment Policies in a list, along with a detailed view of each policy.
SOTI MobiControl has added support for LDAP authentication in the Linux Enrollment Policy along with this migration.
SOTI Identity User and Group Management in SOTI MobiControl
Users and Groups that have been assigned to SOTI MobiControl through SOTI Identity can now be viewed under the Users and Permissions section of SOTI MobiControl. Administrators can now manage the permission of these Users and Groups through SOTI MobiControl itself. Additionally, administrators can now retrieve matching users/groups from SOTI Identity directly while searching rather than relying on user input which eliminates the risks of misconfiguration.
Note: Customers with on-premises installations of SOTI MobiControl 15.6.0 or later must open a port or whitelist an IP address for SOTI Identity to ensure communication between products.
Android Enterprise
Knox Platform for Enterprise (KPE) Standard License Support
Samsung devices secured by Knox can now activate the KPE Standard License instead of the Enterprise License Management (ELM) license when enrolled as either Android Classic or Android Enterprise Work Managed to provide continued access to Knox-specific features. Previously enrolled Samsung devices with a Samsung ELM license activated remain unaffected.
Note: Android agent version 15.2.0 or above is required for new enrollments on Samsung devices.
Knox Service Plugin (KSP) Payload Support via Profiles
You can configure and deploy the Knox Service Plugin, Samsung’s OEMConfig, directly via Profiles for Samsung devices enrolled as Android Enterprise Work Managed. This allows administrators to easily discover and manage Samsung KSP features within the context of other Android Enterprise Work Managed profile configurations and avoid creating an App Policy.
Note: You can still configure and deploy KSP via App Policies if required.
Lockdown Template Macro Selection Support
Select Macros to add to your Lockdown Template from within the payload and avoid having to navigate to the help document to identify all available Macros.
New Password Policy - Complexity
You can configure a new password policy option in authentication called Complexity with the ability to set it as Low, Medium or High. This is available on Android 12 devices and is mandatory for Work Profile authentication by Google.
Android EMM API Deprecation and Update
We have updated to the latest Google EMM APIs available to maintain support for installing and configuring Google Play Store applications. New versions of these APIs are more scalable and provide additional future functionality. Previous versions of the API are being deprecated and, as a result, older versions of SOTI MobiControl will lose the ability to manage Google Play Store apps after December 1, 2023.
iOS
Home Screen Layout for iOS
For customers deploying dedicated devices or kiosk scenarios, Home Screen Layout adds the ability to add a Home Screen Layout configuration to a profile giving SOTI MobiControl administrators control over what and where applications can be located on the home screen.
macOS
Bootstrap Token Support
Apple automated the process of generating the secure token for mobile/network logins using the new concept of Bootstrap Tokens. Starting with macOS Catalina, this will help device users to generate a secure token for mobile/network accounts, without the need for administrator intervention.
Indoor Location Service
Indoor Location is a new premium feature of SOTI MobiControl that provides the real-time location of devices based on Wi-Fi positioning, allowing businesses to track their devices indoors.
Location Dashboard
The Location Dashboard offers a central view to critical information such as the number of devices in a location, including their management status and network connectivity. In addition, it allows you to configure and manage all locations in a similar manner to the existing Device Dashboard.
Indoor Location Portal
The Indoor Location Portal is where you can visually locate devices on a full-screen map view. This gives the clearest and most accurate presentation of your device activities, whether managed, unmanaged, connected or disconnected. The portal allows you to personalize the map using the map filter option and provides informative charts on all devices at your location.
Device Actions
As a SOTI MobiControl administrator, you can perform actions such as Play Sound, Rename, Send Script, Remote Control, Send Message or View Historical Location on a selected device. All actions can be performed from the Indoor Location Portal, which empowers device management with the most significant benefit being reduction in asset loss.
Geofences and Exclusion Zones
The indoor geofence and exclusion zone functionality allow you to create virtual zones on the map. One of its many uses is tracking devices entering and leaving these virtual zones. With this information, you can set up Signal Policies to trigger actions and notifications based on devices entering and leaving these zones. For the scenarios where you do not want to track devices in private zones such as dressing rooms or washrooms, Exclusion Zones can be drawn in a similar manner to geofences. Devices in exclusion zones are not shown on the map, and historical data is not saved for devices in these zones.
SOTI Design Studio
SOTI Design Studio is a new feature of SOTI MobiControl that supplements the Indoor Location feature and is accessed through the new Location Dashboard. No indoor map to upload when creating a location? No problem! Use this new design tool to create a detailed map of your indoor space and upload to Indoor location.
Signal Policy
Signal Policies enable businesses to automate the deployment of business policies, installation or removal of device applications, enforcing device configurations and much more. This includes conditions based on the entry or exit of indoor geofences supported by the Indoor Location Service.
Customizable Conditions
Administrators can configure complex conditions by leveraging information reported by Indoor Location and from SOTI MobiControl. For example, it is possible to create a condition which monitors the number of devices within an Indoor Location geofence. The conditions which can be created are highly customizable and can be associated with each other by using nested logical expressions.
Automated Actions
Signal can direct SOTI MobiControl to take automated actions once the configured conditions of a Signal Policy are fulfilled. Supported actions include Send Script, Send Message, Send Email, Trigger Alert and Relocate Devices.
Policy Scheduling
Signal offers a wide range of options for administrators to configure the schedule of their Signal Policy according to their business needs. For example, the policy can be set so that it is only activated on certain days of the week and within a specified time range.
SOTI Surf
Proglove Scanner Integration
SOTI Surf now supports integration with ProGlove Scanners on Android devices to capture data from ProGlove scanners, eliminating the need for field staff members to enter data in SOTI Surf manually and improving their overall productivity.
SOTI Settings Manager
Wi-Fi management in accordance with DFC
Settings Manager Wi-Fi can now be managed according to Feature Controls defined by an administrator.
General
Microsoft Windows Server 2022
You can now host the SOTI MobiControl server components and the SOTI MobiControl database on Microsoft Windows Server 2022.
Notification Panel
The Notification Panel can display alert messages that are triggered by a Signal Policy, enabling SOTI MobiControl administrators to quickly view critical information about the state of their system or the device fleet.
APIs
The following new REST APIs are included in this release:
- Microsoft 365 App Protection Policy
- Create a new Microsoft App Protection Policy integration
- Delete the Microsoft App Protection Policy integration
- Get the Microsoft App Protection Policy integration settings
- Get a list of Microsoft App Protection Policies
- Return the specified Android App Protection Policy
- Return the specified iOS App Protection Policy
- Create a new Microsoft App Protection Policy for Android
- Create a new Microsoft App Protection Policy for iOS
- Update the specified Android App Protection Policy
- Update the specified iOS App Protection Policy
- Delete the specified Microsoft App Protection Policy
- Return a list of Microsoft Azure Active Directory groups
- Android Configuration
- Retrieve the Samsung KPE configuration
- Update the Samsung KPE configuration
- Apple Automated Device Enrollment
- Creates assignment for Automated Device Enrollment devices to specified Enrollment Policy
- Returns all Enrollment Policies associated with the specified Automated Device Enrollment Account
- Returns all Automated Device Enrollment devices assigned to the specified Enrollment Policy
- Creates or removes the default Mac Enrollment Policy for an Automated Device Enrollment Account
- Creates or removes the default iOS Enrollment Policy for an Automated Device Enrollment Account
Deprecations
From November 2018, Samsung stopped their support to generate ELM or KLM licenses. ELM key service was deprecated by Samsung for any new enrollments starting January 2021, but existing enrollments on ELM will continue to work as is. Applications can no longer activate ELM license keys on new devices (More Details). The ELM key is replaced by BCK (Backwards Compatibility KEY) and KPE keys. To cater this change by Samsung, SOTI MobiControl also deprecated ELM support for new enrollment from v15.6.0. Already enrolled devices using an ELM key will continue to work as is.
Learn more about using these new features with What's New in SOTI MobiControl Online Help.
Resolved Issues
MCMR-24723 User screensaver settings were not getting changed even after the Screensaver profile was successfully installed on macOS devices MCMR-26789 Users who migrated Zebra devices from DA to DO were not able to reset the binding on the group of AE devices MCMR-27468 Users could not generate the "Installed Applications with name and version" report under the Android Platform more than once MCMR-28570 User could not revoke a certificate that was pushed to a Windows device MCMR-28781 Web content filter settings in profiles were not accepting custom domains in the whitelisted URL field MCMR-28893 Help links were not working when the console language was set to Japanese MCMR-29008 Device actions would show as successfully pushed when they were not sent to devices MCMR-29066 Users with SOTI MobiControl Viewer permissions were not able to see devices when the View All Devices option was selected on the device listing page MCMR-29194,
MCMR-30856Inaccurate data was displayed in charts on the Devices page MCMR-29733 Users were unable to upgrade Zebra devices using Lifeguard OTA and were stuck in the Blocked state MCMR-29849 File sync was generating files that were inaccessible MCMR-29860 The lockdown browser (Electron) failed to open URLs in Linux Ubuntu 20.04 MCMR-30150 Devices would attempt to redownload their content libraries after connection issues MCMR-30152 Users could not sort lockdown templates by name MCMR-31395 Settings Manager got disabled after SOTI Generic AE Plugin 1.21.0.123 was installed Known Issues
MC-163798 When editing an App Protection Policy, user groups configured as excluded are shown in the assigned user group list -
Release 15.5 -- Build 1021 -- January 31, 2022
Upgrade Considerations
- In SOTI MobiControl version 15.5.0 onwards, “GetDeviceGroupConfiguration” and “ApplyDeviceGroupConfiguration” APIs will require “Configure Devices/Device Groups” permission. This permission is automatically assigned to MobiControl Administrators, MobiControl Technicians and MobiControl Viewers roles. Custom roles must have the “Configure Devices/Device Groups” permission granted manually.
- If you are using an older version of Cloud Link Agent (CLA) (e.g.,1.x, 2.x ,3.x or 4.0), you must upgrade to CLA 4.1. Before upgrading, you must uninstall the older version of CLA. If CLA 4.1 is not set up with SOTI MobiControl 15.5.0, any operation or functionality related to LDAP and ADCS will not work.
- Windows CE/Mobile devices that reset to their default factory settings may be unable to reconnect to SOTI MobiControl 15.5.0 or later due to device date and deployment server binding certificate date being out of sync. Before you upgrade or generate a new certificate binding, you may need to set up a Network Time Protocol/Simple Time Network Protocol (NTP/SNTP) server. Having the SOTI MobiControl agent or device contact an NTP/SNTP server before connecting to SOTI MobiControl allows devices to retrieve the current date and time. Impacted devices can then connect to SOTI MobiControl successfully once they reset to the factory default date and time.
For more information, see this article on SOTI Pulse.
Release Highlights
This release includes the following new features:
- Conditional Access for Microsoft 365 Apps
- Direct Managed App Configurations
- Agentless Support for Work Profile
- Advanced Windows Update Management
- Limited Announcements Based on User’s Permissions
Conditional Access for Microsoft 365 Apps
You can now conditionally grant or deny access to Microsoft 365 apps and other mobile apps which utilize Azure AD authentication on Android or iOS devices. SOTI MobiControl integration with Microsoft allows you to use MobiControl device compliance status in Azure AD conditional access policies. When configured, only the compliance statuses of devices assigned to the compliance policy will be reported to Microsoft, enabling you to manage the scope of the devices synchronized with Microsoft.
Direct Managed App Configurations
Configure App-specific and OEM-specific policies on your Android Enterprise devices using Managed Configurations without requiring Google Play Services. With this upgrade, you can easily manage and deploy OEM Specific features on Android devices even while offline.
Agentless Support for Work Profile
Enroll personally-owned Android devices into Work Profile management using Google's new Android Management APIs. Most importantly, quickly deploy them without needing to install the SOTI MobiControl agent. You can enroll your devices into Work Profile via Android Management API using Enrollment Policies, configure them by deploying supported Profiles, and can deploy Apps from Google Play Store using App Policies.
Advanced Windows Update Management
Keep Windows Modern devices in your organization up-to-date with the latest Windows Updates available through Windows Server Update Services (WSUS) or the public Windows Update service. Through SOTI MobiControl, you can control the types of Windows Updates to apply to the devices, such as feature releases or security patches. In addition, there are a variety of new controls, including when to apply the updates automatically, differ the update for a period, mandate MobiControl Administrator approval before using the updates, and more.
Limited Announcements Based on User’s Permissions
SOTI MobiControl now includes two new user permissions, View SOTI Announcements and View System Announcements, to help administrators limit the announcements shown to certain user roles.
- If the View SOTI Announcements permission is enabled, the user can view SOTI Services announcements
- If the View System Announcements permission is enabled, the user can view announcements originating from MobiControl system.
New Features and Improvements
Administrative Console
Android Enrollment Policies Migration
Android Enrollment Policies (formerly called Add Device Rules) creation and management is migrated to the next-generation user interface for a better user experience and overall consistency. The new design provides a view of all Android Enrollment Policies in a list along with a detailed view of each policy.
Note: The Android Enrollment URLs have changed in this version of SOTI MobiControl. If you are upgrading MobiControl to this version, Enrollment URLs of the Enrollment policies created before the upgrade will continue to work. This backward compatibility is made possible with a new toggle in Global Settings under Enrollment Rules to redirect the old enrollment URLs to the new URL. However, the backward compatibility will end in a future version of MobiControl (released after 12 months). We recommend moving to the new URLs for all your Android Enrollment policies as soon as possible to avoid any potential issues. Once you complete the move, you can disable the redirection toggle in the Global Settings.
SOTI MobiControl Policies Listing
Policy features have been migrated to the next-generation interface in SOTI MobiControl under the Policies menu item. All the existing policies such as App, Compliance, and Enrollment are listed along with legacy rules such as File Sync, Device Relocation, Data Collection, and Alerts to provide better visibility of features available within MobiControl.
SOTI XTreme Hub Enhancements
- You can disable the file transfer capability on a select SOTI XTreme Hub and block devices from using that SOTI XTreme Hub. You can also target specific Android and Windows CE/Mobile devices and block them from using a SOTI XTreme Hub to download files.
- SOTI MobiControl search can be used to identify SOTI XTreme Hub devices that are active via the new “XTreme Hub Enabled” device property.
- Added support for Windows Server 2019.
Note: We have dropped support for the following Windows OS's for SOTI XTreme Hubs. You can no longer enroll devices with these operating versions as an XTreme Hub device:
- Windows Server 2008, Windows Server 2012, Windows 7, Windows 8.
Global Settings Search
Users are now able to filter options visible in the Global Settings menu using a search bar. This makes navigating through the different categories to locate a specific feature a quicker and easier process.
Application Version Info for macOS Apps
The device details screen now displays the information about the version of the installed application.
Enrollment Time Filter
Users can now use Device Enrollment Time as a filter criteria for Profile, App Policy, and Compliance Policy assignment.
Port number for Windows CE/Mobile Devices
The Deployment Server port number is now displayed on the device details page for Windows CE/Mobile devices. It is additionally available as a device search criteria.
Improved Assignment Device Count
The assignment dialog for Profile, App Policy, and Compliance Policy now includes a refresh button to retrieve an accurate count of targeted devices, which includes the impact of a filter criteria.
Android Enterprise
Improved Mandatory Apps Behavior of Enterprise Applications
Enterprise apps deployed as mandatory apps now automatically uninstall when the corresponding app policy is removed.
Streamlined Zero-Touch Enrollment Configuration
Through the embedded Zero-Touch Enrollment (ZTE) iFrame, you can now easily configure your devices that are part of your ZTE program without requiring you to leave the SOTI MobiControl Web Console.
iOS
iOS 15 Support
iOS 15 is now officially certified and supported.
Managed Pasteboard
You can now prevent copy/pasting of data from a managed to an unmanaged app/service and vice-versa on iOS 15+ devices.
Disabling Randomization of MAC Addresses
You can now disable the randomizing of MAC addresses (also known as disabling private MAC addresses) on iOS 14+ devices.
Prevent Removal of Managed iOS Apps
You can now prevent the removal of Managed iOS Apps on supervised devices with iOS 14+ through a new toggle in App Policies.
Device Details
For iOS 12+ devices, the Device Details page shows eSIM information such as Carrier Settings Version, Mobile Country Code, Mobile Network Code, ICCID, IMEI, Phone Number and more.
For iOS 14+, you can also now view time zone information.
Windows
- You can now configure corporate network boundaries for Windows Modern devices in the Windows Information Protection profile to isolate and protect corporate data. The network boundaries include domains names of cloud, work and personal resources, IP ranges, and internal and external proxy servers.
Linux
- You can now enroll and manage ARM64 Linux devices.
- Lockdown configuration for Linux systems has been improved with an enhanced configuration profile.
SOTI Surf
- On Android devices, you can now configure SOTI Surf as a default browser using a script command.
- You can now manage mixed content websites on Android devices.
- You can now go to a 'Developer Tools' to debug the websites on Android devices.
- You can now manage Popups and JavaScript in SOTI Surf iOS devices.
SOTI Hub
We have made performance and security improvements to give a better user experience.
Settings Manager
You can now allow device users to enable/disable Device Time Zone.
General
Support for AdoptOpen JDK
SOTI MobiControl now supports the distribution of Java through AdoptOpen JDK. See SOTI MobiControl Help for installation instructions.
TLS Certificate Validity Period
The SOTI MobiControl-issued TLS certificate validity period has been reduced to two years from the issued date. On-premises customers are responsible for renewing TLS certificates when required.
Device Scripts Permissions
The “View Device Scripts” general permission has been added to SOTI MobiControl to allow granular access control for Device Scripts. Upon upgrade to MobiControl 15.5.0, the “View Device Scripts” permission will be automatically granted to all users who were previously granted “Manage Device Scrips” permission.
Extended Key Usage for Generic SCEP Certificate Template
SOTI MobiControl now provides the ability to specify non-repudiation key usage for Generic SCEP templates.
APIs
The following new REST APIs are included in this release:
- Microsoft 365 Integration: Compliance
- Create and initiate integration connection with Microsoft to send compliance policy status
- Get integration connection status
- Delete the integration connection
- Windows Updates
- Get list of Windows Updates and their statuses for a device
- Get list of available Window Updates
- Approve Window Update for a device
- iOS Updates
- Create a new App Store License account
- Get a list of App Store License accounts
- Refresh the specified App Store License account
- Reconcile all App Store License accounts
- Update the specified App Store License account's name
- Update the specified App Store License account's server token
- Deletes the specified App Store License account
- Get the specified App Store License account's summary
- Clean up the specified App Store License account
- Reclaim ownership of the specified App Store License account
- Test the validity of an Automated Device Enrollment account
- Get the settings for App Store License Management
- Set settings for App Store License Management
- Android Updates
- Get the feedback from Offline OEM Config application
- Get the available App configuration for specified application
Deprecations
Azure Active Directory API deprecation starting June 30, 2022. Microsoft will end support for Azure Active Directory (AD) Graph API’s and will no longer provide technical support or security updates. SOTI MobiControl after this time will no longer receive responses from the Azure AD Graph endpoint. Azure AD Graph API’s in MobiControl have been replaced with Microsoft Graph API’s which is the recommended way forward by Microsoft. Refer to this article for more information.
Resolved Issues
MC-123363 Packages referenced by an assigned version of a profile could be deleted MC-128960 All text instances and logos for “SOTI Assist” are updated to “SOTI XSight” MCMR-21378 ZeroConfig profiles with an open network were not saved MCMR-25379 Windows Mobile devices did not inherit Time Synchronization from the group level MCMR-25454 Profiles did not save when the name and description were changed at the same time MCMR-25541 Device relocation rules that were assigned to root device groups auto-relocated devices in subgroups that were not selected within the relocation rule MCMR-26071 Requesting the Deployment Server Activity report would trigger an "Unable to generate report" error MCMR-26296 Android profile creation with feature control payload failed in Russian language MCMR-26339 Cisco Any Connect VPN configuration would take between 15 minutes and 6 hours to appear MCMR-26376 OneDrive sync failed when OneDrive was enabled in Windows Information Protection Profile MCMR-26502 Search integrity dropped when Search Sync was performed, leading to intermittent failures MCMR-26999 Web Console showed the "Database Maintenance Failed" notification repeatedly MCMR-27099,
MCMR-27100,
MCMR-27049iOS Profile restriction labels were inaccurate MCMR-27122 Exporting CSV files for search filter results did not populate ICCID values correctly MCMR-27133 The default Device Stable Storage Folder in Keyence WinCE devices was not stable MCMR-27827 IPA files could not be uploaded into App Policy when the file path length exceeded a certain threshold MCMR-27983 Templates inside the lockdown profile remained blank when opened for editing MCMR-28139 Managing Automated Device Enrollment triggered an Internal Server Error MCMR-28159 Announcements help link did not work when the console used German language MCMR-28160 "Device Agent and Plugin" did not show on the web console MCMR-28311 PKG files failed to be installed from the App catalog on macOS MCMR-28404 Scheduled package installation stopped agent check-in MCMR-28437 Applications did not install when devices had an app with an empty bundle ID MCMR-29325 Web apps from the managed Google Play Store were not pushed until after the device checked with the server multiple times MCMR-29901 The Bypass Activation Lock action sent an error and did not disable the activation lock on some iOS devices -
Release 15.4 -- Build 4737 -- August 25, 2021
- 15.4.3 Build 1012 on March 24, 2022
- 15.4.2 Build 1020 on December 22, 2021
- 15.4.1 Build 4828 on September 27, 2021
Please note: We strongly recommend following the standard IT change control practices and testing product upgrades in pre-production environments.
Contact SOTI's Professional Services and Support team or visit the product documentation for information on proceeding with your upgrade.
Upgrade Considerations
- SOTI MobiControl now requires a minimum of Java 11. You can choose either Oracle Java 11 or OpenJDK 11. Refer to the Online Help for the OpenJDK 11 setup procedure.
- Upon upgrade, the SOTI MobiControl installer will automatically rebuild the search data. As a result, any saved System Health analytics or configurations will be lost.
- If you are using an older version of Cloud Link Agent (CLA) (e.g.,1.x,2.x or 3.x), you must upgrade to CLA v4.0. Before upgrading, you must uninstall the older version of CLA. If CLA 4.0 is not set up with MobiControl 15.4.x, any operation or functionality related to LDAP and ADCS will not work. For more information on CLA 4.0 setup, please refer to CLA 4.0 help.
Release Highlights
This release includes the following new features:
Dual SHA-1 and SHA-2 Device Support on Deployment Server
You can now manage both legacy Windows CE/Mobile devices (compatible with SHA-1 certificates) and newer Android/iOS/Windows devices (compatible with SHA-256 certificates) on the same Deployment Server. By removing the need to have a dedicated Deployment Server for SHA-1 compatible devices, you now save on operational and maintenance costs.
Android App Update Mode
When configuring an Android application within an App Policy, you can select how often you would like that application to be updated on the device. The following update modes are available:
- Default Mode – The app is updated when the device is connected to Wi-Fi, is charging, and is not actively used.
- High Priority Mode – The app is updated as soon as a new version is published to the Google Play Store.
- Postpone Mode – The app update is postponed for up to 90 days after a new version becomes available.
With the new Android app update mode, you can prioritize critical app updates for the entire fleet, or postpone app updates that require testing before deploying them to devices.
General Improvements
Administrative Console
Users and Permissions Migration
The Users and Permissions page (formerly the Security page) is migrated to the next-generation user interface for a better user experience and overall consistency.
Users and Permissions logs can now be exported to a CSV file for further review and analysis.
App Policy Granular Permissions
You can restrict access to an individual App Policy to specific users and groups. This is an additional layer of access control on top of the App Policy permissions defined in the Users and Permissions page. This is similar to the granular permissions available for Profiles.
Android
App Release Track
When configuring an application within an Android Enterprise App Policy, you can now view all the available versions (i.e., tracks) for an app, such as beta, test, etc. You can pick one of the tracks to deploy to devices.
Authentication Payload – Revert to User Mode
The Android Authentication profile enables you to automatically revert devices to user mode after being in admin mode for a specified amount of time.
The Device Details page shows whether the device is in admin or user mode.
Authentication Payload – Revert to Kiosk Mode
The Android Authentication profile lets you automatically revert devices to Kiosk mode after being in Non-Kiosk mode for a specified amount of time.
The Device Details page shows whether the Android Agent on a device is in Kiosk or Non-Kiosk mode.
Wallpaper Configuration on Android Devices
You can now configure the wallpaper on Home and Lock screens of Android devices using Profiles in the SOTI MobiControl console.
Android Enterprise
Enterprise Application Deployment
You can deploy in-house or enterprise apps outside of the Google Play Store to your Android Enterprise devices through App Policies in the SOTI MobiControl console.
Personal Play Store on Corporate Personal Devices
Whitelisting/blacklisting enables you to control available applications in the Personal Play Store for Android 11+ Corporate Personal devices.
Work Compliance for Corporate Personal Devices
You can limit how long the Work Profile may be disabled on an Android 11+ corporate personal device. Once the time limit is reached, personal apps for end users are disabled until they re-enable their Work Profile.
COPE Feature Control Enhancement
The use of camera and screen capture functions can now be blocked on Android 11 corporate personal devices.
iOS – App Update Management
Automatic update of App Store and Custom Apps on iOS 11+ devices now leverage the application’s version identifier.
macOS – Content Library
SOTI MobiControl now supports Content Library for macOS devices, enabling file sharing with enrolled macOS devices.
Windows – Assigned Access Improvements
In Assigned Access mode, you can now choose to provide users with access to specific folders, such as "Downloads," or to all folders on Windows machines. This provides the ability to create new files or access existing ones, which was not possible until now.
SOTI Surf
You can now preview files before downloading them to Android devices.
SOTI Hub
The SOTI Hub interface now has a modern user interface.
Mandatory content for an iOS device can now be synchronized to that device, even when SOTI Hub is not running in the foreground.
You can now allow or prevent file uploads and edits in a WebDAV repository.
The Enterprise Resource Gateway (ERG) installer is now redesigned to simplify the installation process.
Settings Manager
The Settings Manager now has a modern user interface.
You can allow or disallow management of Wi-Fi network settings.
Support for Cloud Link Agent High Availability Deployments
To ensure business continuity and maintain operational efficiency, you can now set two or more CLAs to handle large numbers of requests to access on-premise active directory and ADCS resources.
These additional CLAs will improve performance by load balancing the requests and ensuring all requests are handled, even when one CLA is down.Microsoft SQL Server 2019
Support for Microsoft SQL Server 2019.
APIs
The following new REST APIs are included in this release:
- Agents and Plugins
- List Android Agents for a given manufacturer
- List manufacturers of Android Agents
- Initiate download of a specific Android Agent from the SOTI Agent Delivery service to SOTI MobiControl
- Cancel in-progress downloads of Android plugins
- Get Agent compatibility information from the SOTI Agent Delivery service
- Update compatibility information for the downloaded Agent
- Managed Google Play
- Retrieve approved applications for a Managed Google Play binding
- Execute an action on a Managed Google Play binding
- Update Application Enrollment Token (.AETX)
- Delete Enterprise Application Token (.AETX)
- Branding
- Manage branding images – list, update, and delete
- Android Configuration
- Retrieve and update a deployment type for Android devices
- Retrieve and update a Samsung ELM configuration
- Device Script Execution Status (Linux)
- Get total success and failure count for script executions
- Retrieve all script execution records for a device
- Request a device to send output of a script execution to SOTI MobiControl
- Retrieve stored script execution outputs from SOTI MobiControl
- Devices
- Manage device action scripts – list, create, update, and delete
- Locate Timeout
- Get the Device Locate timeout value
- Update the Device Locate timeout value
- Directories
- Manage Azure directories – list, create, update, and delete
- Manage LDAP directories – list, create, update, and delete
- Security
- Configure access policies for SOTI MobiControl local account users
- Manage roles, user groups, and users
- Retrieve log activities by role, group, and user
- Servers
- Get the health status of SQL Server and SOTI MobiControl databases
- System Maintenance
- Retrieve and update the Log Truncation and Maintenance configuration
- System Health
- Retrieve current metric data from Deployment Servers
- Get the current Message Processing metrics for Deployment Servers
- Get and update the System Health Metric message settings
- Terms and Conditions
- Manage Terms and Conditions that users accept during device enrollment
- Manage versions of specific Terms and Conditions
- Windows Modern Health Attestation
- Retrieve and update the Health Attestation server configuration
Resolved Issues
MCMR-25777 License counts for apps in the App Store License accounts were higher than expected MC-122175 On iOS devices, screenshots were not available in the App Detail screen of the App Catalog web clip MC-120808 The Application Policy report could not be generated in Microsoft Excel format MC-115260 In the iOS App Policy, tooltips appeared empty for the "Request Device to Install Application (Unsupervised Device Only)" and "Maximum Installation Attempts" options MCMR-22186 User permissions were not being saved MCMR-22252 Time synchronization for Mexico time zones was not working MCMR-23334 When a username was changed, logs still showed the old username MCMR-24376 Custom Data items were duplicated in the Data Collection Rule creation wizard MCMR-24386 Device target number in the Device Assignment dialog was not updated when a filter was applied MCMR-24632 Incorrect values were displayed on the Device charts for custom attributes and dates MCMR-25160 Ping Identity integration did not work with the standard SAML configuration MCMR-25252 Explorer in Windows Modern does not show folders and files that were granted access through Assigned Access. MCMR-25334 Feature control configuration failed to install on Windows Modern devices MCMR-25504 Unable to set the time zone to Yukon when configuring the Time Synchronization policy for a Device Group MCMR-25600 Cloud Link Agent 3.0 connection terminated after several minutes MCMR-25690 The value of Relocate Devices To field in the Alert Rule was reset when the configured device group moved under another device group MCMR-25725 When adding a new Identity user to MobiControl, object ID was displayed in the web console instead of username MCMR-25819 Error message displayed when configuring user permissions MCMR-26143 Unable to access WebDAV content through SOTI Hub using iOS devices MCMR-26213 Deployment Server crashed unexpectedly MCMR-26270 Assigned Access configuration was applied to the Windows Modern device only after multiple reboots MCMR-26307 Personalized device name was not displayed in the web console MCMR-26351 Disabling Allow Simple Password configuration for a Windows CE profile failed to save in web console MCMR-26643 Linux Ubuntu 20.04 was stuck in boot loop after assigning a lockdown profile MCMR-26684 Profile’s policy messaging value was saved with invalid Japanese character MCMR-27013 Nightly maintenance failed due to the length of time it required to complete MCMR-27046 Linux Agent failed to connect using HTTP proxy MCMR-27232 SOTI Surf crashed when accessing a link on a Google form MCMR-27535 An additional Self Service permission available in the Japanese UI was added to the English UI -
Release 15.3 -- Build 6713 -- February 19, 2021
- 15.3.3 Build 1065 on July 26, 2021
- 15.3.2 Build 1072 on May 26, 2021
- 15.3.1 Build 1151 on April 7, 2021
Version 15.3.0 Build 6713 on February 19, 2021
Please note: We strongly recommend following the standard IT change control practices and testing of product upgrades in pre-production environments.
Contact SOTI's Professional Services and Support Team or visit the product documentation for information on proceeding with your upgrade.
Upgrade Considerations
Auto-detection of SQL servers is removed from the SOTI MobiControl installer. Therefore, you need to specify the SQL Server database during installation.
When upgrading SOTI MobiControl to 15.3.0 or a later version, you may encounter errors that are due to conflicts between pre-15.3 Application Catalog Rules that were replaced with App Policies in 15.3.0. See online help for resolution.
SOTI MobiControl v15.3 is not compatible with versions 1.x and 2.x of the SOTI Cloud Link Agent. You must upgrade to Cloud Link Agent 3.0. Administrators need to upgrade the agent component on their local server and contact technical support to prepare their SOTI MobiControl cloud instance for the transition.
Release Highlights
System Health
As a SOTI MobiControl administrator, you can now view the System Health of your SOTI MobiControl instance. System Health consists of two sections: System Overview and Advanced Analytics.
System Overview displays the operational statuses of the various components, including Management Servers, Deployment Servers, database, SOTI services, and so on, giving you the complete overview of the functional state of your SOTI MobiControl instance.
The Advanced Analytics dashboard offers interactive charts that enable viewing and analysis of real-time and historical parameters of the system. With insight from this analysis, you can fine-tune SOTI MobiControl’s system policies and configurations to maximize performance. The Advanced Analytics functionality is available only to SOTI MobiControl customers who have purchased the SOTI Premium Plus or Enterprise Plus Service.
App Policies
App Policies (formerly App Catalog Rules) are redesigned within the next-generation user interface. The new design provides a view of the associated applications with additional information about each application. Similar to Profiles, App Policies can now be assigned to devices based on user groups and filter criteria.
Zebra LifeGuard OTA
As a SOTI MobiControl administrator, you can now manage enrollment and deployment of over-the-air (OTA) updates of the Android operating system (OS) and LifeGuard security patches to Zebra mobile devices directly from the SOTI MobiControl console. You no longer need to manually download a new OS or security patch from Zebra’s website, push it to the devices, and use scripts to trigger the installation.
Corporate Personal Mode on Android 11 Devices
You can now enroll and manage Android 11 devices in the Corporate Personal mode. Android 11 brings security and privacy improvements to the OS, allowing the organization to retain ownership of the device and assign company polices to the work container, while at the same time providing a greater degree of privacy to the device’s end user and their personal data.
New Features and Improvements
Compliance Policies
- SOTI MobiControl now supports certificate-based authentication for Exchange Online, which provides a more secure integration with Office 365.
- Microsoft is deprecating support for basic authentication access to Exchange Online for new and existing tenants – refer to Microsoft’s announcement for details.
- SOTI MobiControl instances configured to connect to Exchange Online prior to October 13, 2020 can use basic authentication access until the first half of 2021.
- SOTI MobiControl customers shall no longer be able to use Compliance Policies to block email access to Exchange Online with basic authentication. They must update the Exchange Online configuration to use certificate-based authentication.
Administrative Console (User Interface)
Global Settings Migration
- Global Settings are migrated to the next-generation user interface.
- SOTI MobiControl now generates logs when Global Settings configurations are updated.
Main Menu
- A new menu item now supports navigation to SOTI MobiControl Online Help.
- The menu now includes links to the SOTI ONE Platform products based on SOTI Identity integration:
- If the instance is integrated with SOTI Identity, a menu item enables navigation to the SOTI Identity home page with links to the relevant SOTI ONE Platform products.
- Otherwise, menu items for SOTI Assist and SOTI Central are displayed.
General
- Device details now show the number of days the device has been online (Agent Connect Time) and offline (Agent Disconnect Time) in relative time. For example, “1 day ago,” “3 days ago,” and so on.
- It is now possible to search for device groups in the Profile Assignment dialog.
- The following device actions are added:
- Enable Kiosk Screen (Android, Windows CE, and Windows Desktop Classic)
- Disable Kiosk Screen (Android, Windows CE, and Windows Desktop Classic)
- Enter Admin Mode (Android only)
- Enter User Mode (Android only)
Android Enterprise
Lockdown Enhancement – App Search
- When configuring applications on the lockdown screen, you can now search for the Google Play Store apps or the existing apps deployed to the devices.
- When configuring lockdown, you as a SOTI MobiControl administrator can now conveniently select different menu item types from a drop-down list.
Android Application Update Maintenance Window
- You as a SOTI MobiControl administrator can now set a daily maintenance window during which Managed Google Play applications can update even if the usual update conditions are not met (e.g., the device is not on Wi-Fi, is charging, or application is not in the foreground).
- With this capability, you gain greater control over when to update applications on the devices when meeting the above Google conditions is not possible or cost-effective.
iOS
Multiple Apple Automated Device Enrollment Accounts
- You can now create and manage multiple Automated Device Enrollment (ADE) accounts, formerly Device Enrollment Program (DEP) accounts. In addition to the existing functionality, you can also:
- Test the connection to, and the validity of, an ADE account directly from the SOTI MobiControl console
- Generate a new SOTI MobiControl public key that is required to create the MDM Server Token for an ADE account
- View the expiry date of the SOTI MobiControl public key
- View the MDM Server Name of the account as seen in Apple Business Manager
- View the Organization that owns the account
- View the Apple ID of the Administrator that had generated the MDM Server Token for the account
- Set and change the Default Add Device rule for each account
- The management of ADE accounts is now rendered in the next-generation user interface.
- SOTI MobiControl now generates audit and troubleshooting logs for ADE account operations and communications with Apple's ADE services.
App Store License Management (Formerly VPP)
- It is now possible to test the connection and validity of an App Store License (ASL) account directly from the SOTI MobiControl console.
- The ASL account information is displayed in the console as it is seen in Apple Business Manager.
- SOTI MobiControl now generates audit and troubleshooting logs for all ASL account operations and communication with Apple's ASL services.
Apple Push Notification Service Configuration Management
- It is now possible to test the connection to, and the validity of, the Apple Push Notification Service (APNS) configuration directly from the SOTI MobiControl console.
- The APNS configuration is expanded to display the Apple ID used to generate the APNS certificate.
- SOTI MobiControl now generates audit and troubleshooting logs for all operations on APNS configuration and communication with APNS.
Windows
- The Lockdown configuration is now available for Window Modern devices. It eliminates the need for Windows Modern devices to be enrolled as Windows Classic devices to leverage SOTI’s lockdown capabilities. The Lockdown configuration supports rich user customizations and Speed Lockdown.
- It is now possible to deploy and execute PowerShell scripts on Windows Modern devices. When SOTI MobiControl deploys PowerShell scripts to the devices via Packages and Device Actions, they are now automatically executed on the devices. Administrators no longer need a separate batch file to execute the scripts.
- File Sync Rule now supports transferring files larger than 4GB to Windows Desktop devices.
Linux
- Support is added for the following Profile configurations:
- Wi-Fi settings
- Feature Control: USB restrictions
- Web filtering
SOTI Surf
- The application is redesigned with a modern user interface.
- New settings are added to the SOTI Surf profile configuration to customize the branding color and logo.
- The following webpage refresh controls are added to the SOTI Surf profile:
- Manage Pull to Refresh: Allows/prevents using a pulldown gesture to refresh a webpage in the SOTI Surf browser.
- Auto-Refresh: Enables/disables auto-refresh of web page in the SOTI Surf browser and sets the refresh time interval.
General
- You can now host the SOTI MobiControl server components and the MobiControl database on Microsoft Windows Server 2019.
- The Remote Control feature is now more stable under high SOTI MobiControl system loads.
APIs
Starting from SOTI MobiControl 15.3.0, all APIs support the XML (application/xml) response data format.
The following REST APIs were introduced in MobiControl 15.3.0:
- Android:
- Manage Android agents and plugins
- Configure and bind Managed Enterprises or Google domains to SOTI MobiControl
- Apple:
- Manage Apple App Store license accounts bound to Apple Business Manager
- Configure Apple Push Notification Service (APNS)
- Manage Automated Device Enrollment accounts
- App Management: Manage App Policies (formerly App Catalog Rules) for Android, Windows, iOS, and macOS platforms
- Branding: Manage branding images
- Devices: Get and update Device Locate timeout period
- Certificates: Manage Certificate Authorities and create Certificate Templates
- Directories: Manage LDAP and Azure directory connections
- Identity Providers: Update Identity Providers and their certificates and metadata
- Logs: Get logs by server and server type
- Mail Servers:
- Generate public key to use when configuring the email server
- Get public part of the certificate of an existing email server
- Retrieve a list of available Office 365 regions to use when configuring the email server
- Profiles:
- Add devices or device groups to a Profile Assignment
- Remove devices or device groups from a Profile Assignment
- Packages:
- Retrieve status of a Package job
- Create Package with multiple files and file types, including script files, applications, and other files (Note: this is a new version of the Packages API - POST /packages/v2)
- Search: Get health status of SOTI MobiControl search
- Security: Get and update authentication settings for the SOTI MobiControl console
- Servers: Get statuses of the Management Sever, Deployment Server(s), and database
- SMTP: Manage SMTP server connections
- System Maintenance: Retrieve and update log maintenance configuration
- System Configuration: Get and update server logs and their levels
- System Health:
- Get System Health metrics data for a specified server
- Get and update the Advanced Analytics settings
- Terms and Conditions: Manage multiple versions of Terms and Conditions
- Windows:
- Manage Windows Enterprise Application configuration
- Manage Windows Enterprise Application enrollment token
- Manage Health Attestation Service configuration
- Manage Windows Notification Service (WNS) configuration
Resolved Isues
MC-93952 The “Locate timeout” function operated on the default value of 45 seconds regardless of the user-configured value MC-102686 The SOTI MobiControl installer displayed a generic error message when the Autodetect button was clicked MC-103752 Multiple consecutive spaces added while renaming a device were removed in the SOTI MobiControl console MC-108648 The Assign button became enabled before loading all the information in the Device Assignment dialog MC-108879 It was impossible to access the SOTI MobiControl console without the Configure Devices/Devices Groups permission MC-113983 The “insecure connection” error appeared upon device relocation MC-114684 Local Agent Builder Service installation failed because the Package reference in the Management server was different from the version used in the Agent Builder service MCMR-21649 It was impossible to add a user to SOTI MobiControl or modify user permission via Azure Active Directory; the error message was: “Duplicate user or user group has been detected” MCMR-21660 Date picker in Profile Assignment Schedule Actions restricted dates to the 12th of the month as it applied the “month” restriction to the “date” setting MCMR-21773 In some cases, users were unable to edit/create Lockdown profiles MCMR-21953 The Device Status alert was generated for every device check-in/update schedule rather than according to the alert schedule MCMR-22119 The “Mobile Country Name” parameter in APN settings changed from “United States” to “Guam” after an upgrade MCMR-22135 In some cases, users could not access device groups they had a permission to access MCMR-22224 Only one device was visible in the SOTI MobiControl console when two devices had the same Device Id MCMR-22461 Turning off the "Override Local Management Service Address" setting did not work (the overriding continued) MCMR-22859 It was impossible to sort the Device Property column in the Devices view MCMR-23149 Selection of a date range for location history failed MCMR-23222 User permission definitions disappeared from Custom Data MCMR-23331 The “Export to CSV file” function failed if the device search criteria contained an ampersand (&) MCMR-23547 The enrollment time did not update after a device re-enrollment MCMR-23614 Nightly maintenance failed after the Android Enterprise device migration MCMR-23761 The installer did not display error messages when executing it in languages other than English MCMR-23784 Geofence alerts triggered falsely for Windows Modern devices MCMR-23858 Mobile Network Code 100 was missing in the APN configuration MCMR-23903 An incorrect response code was returned for the Upload Package API MCMR-24007 The “Monthly Out of Contact” report was sent a day before the configured date MCMR-24320
MCMR-25346
MCMR-25394
MCMR-25464
MCMR-25163Azure idP configuration randomly disappeared MCMR-24383 Non-English characters could not be used in rule names MCMR-24462 Slow network and/or SOTI MobiControl server caused incorrect Profile assignments MCMR-24467 Incorrect device cleanup count was entered in the nightly maintenance log MCMR-24485 “File create date” shown in Content Library did not match the actual file creation date MCMR-24543 LDAP-based enrollment had no support for Unicode characters MCMR-24811 Upgrade from SOTI MobiControl 15.2.2 failed due to duplicate entries in the InstalledApp table MCMR-24936 It was impossible to reset security on the Deployment server MCMR-24989 iOS devices were unable to perform MDM check-in MCMR-25007 It was impossible to assign profiles to LDAP groups whose names contained an underscore (_) MCMR-25045 The Connectivity Information report showed information outside the specified time range MCMR-25127 Devices enrolled as Android Enterprise appear in the SOTI MobiControl console as “unknown device type” MCMR-25255
MCMR-25155
MCMR-25151
MCMR-25136
MCMR-25099
MC-91373
MCMR-24068The Japanese version of the console contained translation inaccuracies MCMR-25808 Devices were unenrolled when the Deployment server crashed -
Release 15.2 -- Build 4819 -- August 04, 2020
- 15.2.6 Build 1006 on March 4, 2021
- 15.2.5 Build 1027 on February 11, 2021
- 15.2.4 Build 1138 on December 9, 2020
- 15.2.3 Build 1033 on October 28, 2020
- 15.2.2 Build 1080 on October 5, 2020
- 15.2.1 Build 1094 on September 14, 2020
- 15.2.0 Build 4819 on August 04, 2020
- MD5 Checksum: 124187e815ca63c19a34b173325a15ed
Upgrade Considerations
To support new functionality mentioned herein, SOTI MobiControl's minimum system requirements have been updated to .NET Core 3.1, Windows Server 2016 and Microsoft SQL Server 2016 SP2 CU12.
Please note: We strongly recommend following the standard IT change control practices and testing of product upgrades in pre-production environments.
Contact SOTI's Professional Services and Support Team or visit the product documentation for information on proceeding with your upgrade.
Release Highlights
- Android Corporate Personal Device Management
- Modern Apple Push Notification Service (APNS)
- Outbound SOTI Cloud Link Agent
- Reintroduction of the Right-Click Menu
Android Corporate Personal Device Management
SOTI MobiControl now supports Corporately Owned, Personally Enabled (COPE) deployments with Android Corporate Personal device management. This type of Android Enterprise device management lets organizations apply a work profile to a fully managed device. Work apps remain entirely separate from the employee’s personal apps and content. Since the device is fully managed, administrators can enforce device policies and restrictions that keep the device connected to SOTI MobiControl, even if the employee disables the work profile. On the personal side, employees can create their own accounts and choose which apps to install from the Google Play Store without that information being reported to SOTI MobiControl.
Generally, Corporate Personal devices support the same features as Android Enterprise Work Managed devices. Some differences include the new Corporate Personal enrollment option and a dedicated set of profile configurations for Corporate Personal devices. Corporate Personal is available on devices running Android 8.0 or later.
Modern Apple Push Notification Service
SOTI MobiControl now communicates with the modern Apple Push Notification Service (APNS) endpoint for the enrollment and management of Apple devices. Modern APNS promises greater efficiency and security than the legacy APNS endpoint it replaces. The move to modern APNS includes several updates to minimum system requirements for SOTI MobiControl. Administrators should consult the APNS Changes Impacting SOTI MobiControl Customers article on SOTI Central for more information on the new system and security requirements.
Outbound SOTI Cloud Link Agent
Companies can now establish secure communication between enterprise services within their network and SOTI MobiControl cloud instances without opening an inbound port. The latest version of SOTI Cloud Link agent, v3.0, facilitates communication to enterprise services through an outbound port and initiates all application requests from the SOTI Cloud Link agent.
SOTI MobiControl v15.2 is not compatible with previous versions of the SOTI Cloud Link agent. Administrators will have to upgrade the agent component on their local server. They will also need to contact technical support to prepare their SOTI MobiControl cloud instance for the transition.
Reintroduction of the Right-Click Menu
In the next generation console, context menus can now be opened by right-clicking on components in the user interface. Right-click replaces the vertical three-dot button that previously appeared throughout the console. Right-click anywhere on a row in the Devices grid to select the device and open its Device Actions menu at the same time. Right-click is also supported on device groups and on the Profiles, Compliance Policies and Packages grids.
The three-dot button remains in sub-level modal and dialog windows.
General Improvements
Android
- Adds the following license management administrative capabilities for Samsung E-FOTA:
- Update an existing E-FOTA license key with a new key
- Synchronize the license count in SOTI MobiControl with Samsung's E-FOTA license server
iOS
- Adds new options for PKCS12 certificates and certificate templates in the Certificates profile configuration:
- Option to make the private key exportable
- Option to allow all apps to access the certificate
SOTI Surf
- New Privacy settings in the SOTI Surf profile configuration
- Manage Certificate Warnings: choose to show or hide SSL certificate warnings in the SOTI Surf browser
- Set Zoom Level of a website: set the default zoom level of a web page in the SOTI Surf browser.
- Home Screen Improvements
- Device users can now create shortcuts for website links on the device's home screen
- File download Improvements
- All standard authorization types are supported while downloading a file from websites through SOTI Surf browser.
Device Location
- Enhanced location map to show a device’s last known location as soon as you open the Location tab in its Device Information panel
APIs
The following REST APIs were introduced in SOTI MobiControl 15.2.0:
- Android Firmware Upgrade License
- Update an existing Samsung E-FOTA license key with a new key
- Sync the license count in SOTI MobiControl with Samsung's E-FOTA license server
- Servers
- Added new parameter forceDsStatusRefresh to force the Deployment Servers to report on their latest status.
Bug Fixes
MC-100636 The server side script feature in File Sync rules was made read-only for on-premises instances and removed entirely for cloud instances. Users can use this feature by contacting SOTI Support. MCMR-21327 Importing packages was not successful due to the case sensitivity issues in the package content MCMR-22018 The console sent false notifications of database maintenance failure MCMR-22160 Server upgrade from 13.4 to 15.1.1 was unsuccessful due to long running database operation timeout MCMR-22185 Some Android devices reappeared in the console after unenrollment and deletion MCMR-22409 Improved Japanese translation for Windows Modern Feature Control MCMR-22455 Incorrect OEMConfig values for the Ascom application were sent to devices MCMR-22551 Editing previously assigned Windows CE/Mobile and Desktop Classic Lockdown profiles was failing MCMR-22566 Clicking the “Default” button did not clear the fields in the Advanced Configuration portion of an Application Catalog Rule MCMR-22590 Management service attempted to retrieve certificate expiration information from deleted deployment servers MCMR-22711 Deletion of saved scripts was blocked if a Windows CE lockdown profile configuration existed where speed control was not configured MCMR-22747 Managed Google Play applications did not synchronize with server MCMR-22759 Delete was unsuccessful for device groups containing “+”in the group name MCMR-22770 The “Allow Sharing between Work and Personal” feature control option was not enforced correctly MCMR-22892 Windows XP agent stopped responding when installing a profile in self-serve mode MCMR-22941
MCMR-23220Added missing MNC code for Webbing Hong Kong Ltd MCMR-23016 Upgrade from 15.0.2 to 15.1.1 was unsuccessful due to a database related error -
Release 15.1 -- Build 3416 -- April 16, 2020
- 15.1.5 Build 1005 on June 2, 2021
- 15.1.4 Build 1020 on February 18, 2021
- 15.1.3 Build 1021 on September 11, 2020
- 15.1.2 Build 1035 on June 11, 2020
- 15.1.1 Build 1184 on May 25, 2020
- 15.1.0 Build 3416 on April 16, 2020
- MD5 Checksum: 6693e3863f2c587cd9102dc27a1600a2
Notes:
- SOTI MobiControl v15.1.0 Build 3416 replaces the previous build (3413) posted on March 23, 2020
- We strongly recommend following the standard IT change control practices and testing of product upgrades in pre-production environments
Contact SOTI's Professional Services and Support Team or visit the product documentation for information on proceeding with your upgrade.
Release Highlights
- Faster File and Package Deployment with XTreme Hubs
- Compliance Policies
- New Android Enterprise Capabilities
Faster File and Package Deployment with XTreme Hubs
XTreme Hubs advance the performance enhancements of Xtreme Technology (introduced in SOTI MobiControl v15.0.0) by efficiently scaling the solution to large numbers of Android devices distributed across numerous locations, such as retail stores. XTreme Hubs enable faster deployment of files and packages to devices and reduce the bandwidth load on the network connection between the XTreme Hubs and SOTI MobiControl servers. This is made possible by the XTreme Hubs serving as intermediaries between SOTI MobiControl deployment servers and Android Plus devices. Deployment servers push a single copy of files and packages to an XTreme Hub which then relays them to its associated devices.
Note that Xtreme Hub functionality is only available to customers who subscribe to Premium or Enterprise Support.
Compliance Policies
Administrators can now implement personalized policies that determine what characterizes a compliant device in their environment. Compliance policies consist of a set of highly customizable criteria that use filtering logic similar to the device search. You can create multiple compliance policies, each with different criteria or different device group targets. Using Compliance policies administrators can configure automated actions such as allowing or blocking email access on devices using Office365 Exchange. Compliance polices are available for Android, iOS and Linux devices.
New Android Enterprise Capabilities
SOTI MobiControl v15.1 adds a number of new capabilities which collectively offer administrators greater control over device operating system updates to minimize workforce interruptions, provide more diagnostic information for troubleshooting application deployments and present an improved user experience for configuring Google Play Managed Apps.
General Improvements
General
- Added ability to search for applications by name in the Device Information panel
- Modified the Upgrade Agent device action to appear only when the device agent is incompatible and needs to be updated
- Updated default device actions to: Remote Control, Check-In, Report Incident (in SOTI Assist enabled systems), Send Script, and Soft Reset
- Added Terms and Conditions user acceptance status to the Device Information panel
- Simplified the package upload process to allow administrators to upload packages while within a profile
- Improved user experience of new package upload by highlighting new packages in the Packages list
- Modified deployment server behavior to automatically update deployment server priority when a deployment server is deleted from SOTI MobiControl
- Improved installer to check that the installation location has sufficient storage space to deploy SOTI MobiControl successfully
- Individual profile configurations for the Windows, Linux, and Printer platforms were migrated to the next-generation user interface, completing the transition of the Profiles view.
Users and Security
- Added ability to search for SOTI Identity users within the console when assigning a user to an enrolled device.
- Increased supported key length of Generic SCEP certificates to 4096
- Improved LDAP group search to include all groups of LDAP directories configured in SOTI MobiControl
- Added support for SHA-384 and SHA-512 as root certificates
SOTI Identity Integration
- Enhanced initial integration of SOTI Identity with SOTI MobiControl. SOTI Identity automatically generates default user roles from SOTI MobiControl (Administrator, Technician, Viewer, BYOD).
Android Enterprise
- Added new device action: App Feedback Update compels Managed Apps on Android Enterprise devices to send their logs to SOTI MobiControl. Status information and logs are visible in the Device Information panel
- Added new Lockdown controls for Android Enterprise devices running Android 9.0 or later, which include the ability to control device user access to the following:
- Power button
- Keyguard
- Home Button
- Improved Reset Account device action to allow administrators to create new or reset existing Managed Google Play accounts on devices without using a factory reset
- Added support for performing Reset Passcode and Wipe device actions through Android Platform Notification Services
- Added new device feature control option: Allow Backup Service
- Added ability to send custom messages when device users attempt restricted actions on device
- Added support for specifying strong authentication timeout requirements in the Authentication profile configuration
- Added support for postponing operating system updates for 30 days
- Added support for defining a daily installation window for operating system updates
- Added support for scheduling a blackout period (up to 90 days) to block all operating system updates
- Improved layout of app config for better user experience
- Added support for field descriptions in app config
iOS
- Added native support for the following MDM features introduced in iOS 13.0:
- WPA3 in the WiFi profile configuration
- SIM card specification in the Network Restrictions profile configuration
- New Extensible Single Sign On profile configuration
- Mail, Calendar, Contacts domains in Per-app VPN profile configurations
- OAuth, Mail, Calendar, Contacts, Notes, Reminders options for the Exchange ActiveSync profile configuration
- Ability to prevent the Files app from accessing external files in the Restrictions profile configuration
- Ability to update eSIM cellular plan information
- IKEv2 VPN profile configuration for iOS
macOS
- Enhanced the privacy preferences for macOS, which allows administrators to limit the control each application has for private services like camera, address book, microphone, and so on
- Enabled the automatic deployment of the Remote Control profile during macOS enrollment
- Added Apple Device Enrollment Program (DEP) information to device information panel for devices enrolled using DEP
Printer
- Added ability to manage certificates for Zebra printers. SOTI MobiControl supports status certificates or certificates configured through a certificate authority. Administrators can also automate the authentication of enrolled printers to a specific WiFi network without manually having to set up a WiFi connection on every printer.
SOTI Surf
- Added new Privacy Settings to the SOTI Surf profile configuration
- Disable Third Party Cookies: prevents third-party websites from reading or saving browser cookies
- Restrict File Types: restricts device users from downloading files based on file extensions
- Added ability to configure the SOTI Surf app to automatically launch or relaunch when its profile configuration is modified. Administrators can also specify a restart delay time.
- Added support for macro variables in home screen URL or URLs in the home screen catalog. Macro variables can be custom attributes or device information based such as device identifier or MAC address.
- Added ability to configure SOTI Surf to open a file immediately after it is downloaded
APIs
The following REST APIs were introduced in MobiControl 15.1.0:
- Android Enterprise Migration Certificates
- Get Android Enterprise Migration certificate information of an OEM (GET)
- Upload Android Enterprise Migration Certificate of an OEM (PUT)
- Compliance Policies
- Retrieve list of compliance policies (GET)
- Create new compliance policy (POST)
- Manage existing compliancy policy (GET, PUT, DELETE)
- List and update actions of a compliancy policy (GET, PUT)
- Manage assignment of the compliance policy to devices and device groups (GET, PUT, DELETE)
- Enable the compliance policy (POST)
- Disable the compliance policy (POST)
- Retrieve list of logs associated with the compliance policy (GET)
- Run the compliance policy against associated devices (POST)
- Devices
- Retrieve executable compliance policy actions triggered on a device (GET)
- Retrieve the status of all compliance policies assigned to the device (GET)
- Run a compliance policy on the device (POST)
- Mail Servers
- Retrieve list of configured email servers (GET)
- Create a new configuration to email server (POST)
- Manage existing email server configuration (GET, PUT, DELETE)
- Rename the email server (PUT)
- Update the email server configuration (PUT)
- Test the email server configuration (PUT)
- Reports
- Download CSV of filtered list of compliance policies (GET)
- Email filter list of compliance policies (POST)
- Search
- Execute advanced (raw) MobiControl Search request (POST)
- Start SOTI MobiControl search synchronization with SOTI MobiControl database (POST)
Bug Fixes
MC-93780 Added caching for Device Group Tree to improve device check in performance MCMR-18625 Alert rules were not triggered when applied to root group MCMR-19520 External SD card encryption alert was being triggered even though no external SD card was inserted in device MCMR-19533 Email notifications were not sent after an alert was triggered MCMR-20191 A timeout configuration was added to accommodate long-running processes that failed due to an inadequate timeout period MCMR-20281 Mail on Android devices stopped working when a management service in a load-balanced environment that leveraged ERG was temporarily shut down MCMR-20353 Windows Mobile and CE devices did not enroll successfully when using the SOTI MobiControl Stage Agent MCMR-20419 Custom Attributes were not propagated to devices after they were assigned in the console MCMR-22303 Fixed issue that limited the total enrollment of Android Enterprise Managed devices to 10 MCMR-22296 Occasionally, upgrade failed when database tables were modified and caused the database size to increase significantly -
Release 15.0 -- Build 6019 -- November 04, 2019
- 15.0.2 Build 1049 on January 09, 2020
- 15.0.1 Build 1181 on November 12, 2019
- 15.0.0 Build 6019 on November 04, 2019
- MD5 Checksum: 9ed88dd735cf339dc7c0498e2c386266
Please note: We strongly recommend following the standard IT change control practices and testing of product upgrades in pre-production environments.
Contact SOTI's Professional Services and Support Team or visit the product documentation for information on proceeding with your upgrade.
Release Highlights
- Xtreme Technology
- Simplified Application Deployment for Android
- Android Device Scripting with JavaScript
- Auto-Install Android Device Plugins on Enrollment
- Group Location Services
- Administrative Console Redesign
- Streamlined Bulk Device Selection
- Granular Permissions
Xtreme Technology
SOTI MobiControl introduces Xtreme Technology in v15.0, which significantly improves the time to distribute Packages via Profiles and synchronize Files to the devices with up to a 10x performance improvement.
Simplified Application Deployment for Android
Administrators can now upload Android app installer files (.apk) directly to the SOTI MobiControl console and they will be automatically wrapped into a SOTI MobiControl Package, bypassing the need to use the Package Studio desktop application. The package will have default settings. Package Studio can continue to be used for custom package settings.
Android Device Scripting with JavaScript
SOTI MobiControl v15.0 introduces new scripting functionality for Android Plus devices. Administrators can now use JavaScript and all its standard features to write scripts with conditional statements, loops, functions and variables. This new engine also includes support to perform asynchronous execution via callbacks and execute various actions using JavaScript custom APIs.
Auto-Install Android Device Plugins on Enrollment
Administrators can now choose to deploy Android Plus device plugins to devices during device enrollment. This feature removes the need to manually install plugins later and ensures Android Plus devices are enrolled with the latest device plugins. During enrollment, SOTI MobiControl selects the relevant plugin for the device or, if no plugin is available for the device, gracefully skips the step.
Group Location Services
You can now view the current location of all online devices in a device group at once. Offline devices will report their last known location until they reconnect to SOTI MobiControl, at which point the console will update with the device’s current location. Offline devices are color coded to quickly indicate how long devices have been offline.
Administrative Console Redesign
SOTI MobiControl v15.0 continues the redesign of the administrative console, extending user interface improvements across more areas of the console.
Building on previous work, profile management, from creation through to assignment, has made the move to our next generation user interface. Additionally, you can now perform some profile management actions directly from the Profiles list without opening a Profile Information panel, streamlining your workflow. Individual profile configurations for Android Plus, iOS and macOS have also been migrated with new capabilities and clearer feature descriptions.
All advanced configurations have been converted, improving the configuration process and making it easy to switch between advanced configuration for different device types.
Streamlined Bulk Device Selection
Previously, selecting all devices was limited to the number of devices displayed on a page, whether that was 50 or 250. There is now an option to either select all devices on the current page or all devices across all pages.
Note: This change makes it easy to select all devices in your SOTI MobiControl deployment at once. Exercise caution when granting user permissions.
Granular Permissions
You can now dictate which divisions in your organizations have permissions (read, read/write) to users, custom data, and custom attributes with greater specificity. In large, global operations, it can be tricky to create user access systems that provide adequate permissions to certain administrators without simultaneously granting them broad permissions in areas irrelevant to their responsibilities. By adding more granular permissions, SOTI MobiControl v15.0 reduces the opportunity for disparate parties to make conflicting changes to SOTI MobiControl components.
This feature mirrors the granular permissions already present in profile management.
General Improvements
Android Plus
Administrators can now select which device permissions are requested by the device agent during enrollment. Supported permissions are:
- Draw over other apps
- Modify system settings
- Notification access
- Usage access
Note: The above permissions are granted silently on devices where the option to deploy device plugins is also selected (and a plugin is available for that device). In this case, permissions will be granted after the plugin has finished installing on the device.
Android Enterprise
Improved options for Lockdown mode on Android devices running 9.0 or later
- Enable Recents button
- Enable native notifications
- Enable Home button
Administrators can use the new macro %CertificateTemplate_<Macro-Template-Name>% with Managed App Configurations to dynamically select and apply certificates to devices.
New feature controls:
- Allow Airplane Mode
- Allow Ambient Display
- Allow Screen Timeout Management
- Allow Brightness Configuration Management
- Allow Date Time Management
- Allow Printing
- Allow Device Volume
iOS
New auto-update feature allows administrators to update App Store and custom apps as soon as new versions are released. You can completely automate the app update process by combining this new feature with the “Automatically update app on devices to at least this version” setting. With both settings enabled, SOTI MobiControl will automatically update managed apps on devices as soon as a newer version is released.
Improvements to select profile configurations provide administrators with greater management capabilities
- Email: Exchange ActiveSync – Oauth and new SMIME options
- Feature Control (previously known as Restrictions)
- Allow Modifying Personal Hotspot Settings
- Allow Siri Server Logs
Additional information on installed applications (iOS 13 or later only)
- External version ID
- Installation source
- Beta program participation status
- Ad hoc code signed status
- Available updates
Linux
New profile configuration
- Lockdown: limits device users to only access applications and device features authorized by SOTI MobiControl administrators
Zebra Printers
Package Studio now allows you configure WiFi on printers for certificate-based authentication.
SOTI Hub
New profile configuration setting
- Open hyperlinks only in SOTI Surf browser: prevents device users from opening hyperlinks in third-party browsers
SOTI Surf
New profile configuration settings
- Hide address bar: removes the address bar in the browser, preventing user from manually entering or editing website URLs, thus restricting user access to websites in the Home screen catalog
- Disable zoom gestures: prevents users from using gestures to zoom in and out in web pages
- Disable media auto-play: stops video and audio clips from automatically starting playback. Muted videos, however, will always be auto-played.
REST API
The following REST APIs were introduced in MobiControl 15.0.0:
- Custom Attributes
- List of custom attribute properties (GET)
- New custom attribute (POST)
- Manage existing custom attribute (GET, POST, DELETE)
- Manage existing custom attribute with referenceID (GET, POST, DELETE)
- Custom Data
- List of custom data properties (GET)
- New custom data (POST)
- Manage custom data with specific name (GET, PUT, DELETE)
- Manage custom data with referenceID (GET, POST, DELETE)
- Device Groups
- Send actions to devices within a group (POST)
- Last known locations of devices from a device group (GET)
- Status of location action for devices from a device group (GET)
- Devices
- Last known location of a specific device (GET)
- Identity Providers
- All identity providers configurations (GET)
- Identity provider users (GET)
- Identity providers configuration for a specific identity provider name (GET)
- Identity provider connection (DELETE)
- Update the SOTI identity provider connection (PUT)
- Configure SOTI identity provider (POST)
- Security
- Manage read/write permissions for users based on a catalog reference (GET, POST, DELETE)
- Manage read/write permissions for user group based on a catalog reference (GET, POST, DELETE)
- System Configuration
- Cloud Link Settings (GET)
- Validate global Proxy Configuration (POST)
Upgrade Considerations
-
The SOTI Hub and SOTI Surf Android applications for SOTI MobiControl v15.0.0 are not available on the Google Play Store. You must download the .apk files for SOTI Hub and SOTI Surf from the SOTI MobiControl Downloads page. Previous versions of SOTI Hub and SOTI Surf will remain available on the Google Play Store but do not support the new features released in SOTI MobiControl v15.0.0.
-
SOTI MobiControl Cloud customers must upgrade their SOTI Cloud Link Agent.
Bug Fixes
MC-75462 “OS Edition and OS Base Edition” now display the relevant information for Windows 10 Pro Workstations under device details MCMR-16554 Applications Restrictions for MacOS - Blacklisting a single application path under "Disallow Folders" will blacklist all other apps on MacOS "Except Siri" -
Release 14.5
Note: There is no SOTI MobiControl 14.5.0 release. Instead, SOTI MobiControl v14.5.1 and onward are revision releases that immediately follow SOTI MobiControl 14.4.9.
Revisions:
-
Release 14.4 -- Build 4857 -- June 18, 2019
- v14.4.9 Build 1034 on March 30, 2020
- v14.4.8 Build 1043 on March 02, 2020
- v14.4.7 Build 1053 on January 24, 2020
- v14.4.6 Build 1047 on January 06, 2020
- v14.4.5 Build 1048 on November 25, 2019
- v14.4.4 Build 1045 on October 15, 2019
- v14.4.3 Build 1153 on September 17, 2019
- v14.4.2 Build 1307 on August 20, 2019
- v14.4.1 Build 1195 on July 30, 2019
- v14.4.0 Build 4857 on June 18, 2019
- MD5 Checksum: 4664b107e060121e319083a9e3e7ebd1
Please note: We strongly recommend following the standard IT change control practices and testing of product upgrades in pre-production environments.
Contact SOTI's Professional Services and Support Team or visit the product documentation for information on proceeding with your upgrade.
Release Highlights
- Shared Devices for Android and iOS
- Android Plugin Delivery Service
- Set Time Windows for Profile Deployment
- Enhancements to macOS Support
- Streamlined Android Management
Shared Devices for Android and iOS
The Shared Device feature allows different users to log into the same Android or iOS device and gain access to the applications, settings and content assigned to them based on their role in the organization. Sharing devices between employees maximizes the utility of an organization’s fleet of mobile devices and reduces IT capital expenditure. Android devices must have a device agent that is v13.7.0 or later installed to use this feature.
Android Plugin Delivery Service
SOTI MobiControl device plugins extend management capabilities on Android devices. Administrators can now download and install plugins within the SOTI MobiControl console, eliminating the need to manually download the plugins from SOTI’s website and deploy them as packages. Administrators can choose to only download and install plugins for the device models relevant to their deployments.
Set Time Windows for Profile Deployment
Administrators can now control when profiles are deployed to devices, circumventing critical hours of operations. Time windows can be restricted to certain days of the week, weekdays or weekends.
Enhancements to macOS Support
Gain greater control over Mac devices with new scripting capabilities, device actions and configurations. Administrations can now execute scripts written in Bash, Perl, JavaScript, or Python on Mac devices. New device actions include remote shutdown and MDM profile renewal. New profile configurations include per-app VPN support.
Streamlined Android Management
As the Android platform continues to deprecate Device Admin functionality, SOTI MobiControl will now promote Android Enterprise as the default option for Android management. New SOTI MobiControl administrators will now have a seamless introduction to managing their Android Enterprise devices. Android features that utilize Device Admin functionality will be hidden to remove unnecessary distraction and ensure that MobiControl administrators are minimally impacted by its eventual removal. Upgrades from previous versions of SOTI MobiControl will not experience any changes to their workflows, and administrators can easily return to the previous arrangement if desired.
General Improvements
General
- Removed support for Microsoft SQL Server 2008 and Microsoft SQL Server 2008 R2 to coincide with Microsoft’s end of support. We recommend upgrading to Microsoft SQL Server 2012 or later.
- Added an option to SOTI MobiControl installer that allows administrators to control when services start, which is particularly important in distributed environments where services need to start in a specific order.
- Added ‘Device Name’ as profile assignment criteria.
- Improved file transfer architecture to support faster transfer of files, profiles, and packages from SOTI MobiControl to devices.
- Added ability to specify password expiration (in days) for local console accounts. Beginning two weeks prior to password expiration, users will be prompted to update password on every login.
Administrative Console (User Interface)
- Added ability to bookmark frequently used device actions to the beginning of the device actions bar/menu, providing the freedom to most effectively organize device actions
- Added Apple Device Enrollment Program (DEP), Health Attestation, and Trusted Platform Module (TPM) as extended properties that can be queried upon in the Device search
- Added ability to specify a byte unit (bytes, KB, GB or TB) for the property value when performing searches with devices properties that use byte size (for example, total storage)
- Enhanced Advanced Configurations tab in Group Information panel with more details such as status, inheritance, configuration date. Also added a new device family filter that only displays configurations applicable to the selected device family
Android Plus
- Added ability to blacklist specific WiFi SSIDs and block devices from staying connected to SOTI MobiControl servers while connected to those networks
- Improved Speed Control lockdown to keep open applications in device foreground when lockdown engages and if application is an authorized application
Android Enterprise
- Added new device action
- Disable Passcode Lock – Work Managed devices
- Added new feature control option
- Disable Microphone – Work Managed devices
Linux
- Added new profile configurations
- Certificates
- Task Scheduler – create schedules for script execution
Windows Modern
- Added support for the collection of device serial number for HoloLens devices running Windows 10 version 1809 (Redstone 5) or later
REST API
The following REST APIs were introduced in SOTI MobiControl 14.4:
- System Configuration
- Global proxy settings
- Retrieve (GET)
- Replace (PUT)
- Remove (DELETE)
- Enable / disable (PUT)
Bug Fixes
- MC-62562 - Removed the “Disable Safe Mode” option from the Android Enterprise feature control payload since this functionality is not supported on Android Enterprise devices
- MC-65916 - Removed vendor compatibility table shortcut from the Android Enterprise WiFi profile configuration since it does not apply to Android Enterprise profiles
- MC-67355 - Renamed “Disable USB Debugging” option to “USB Debugging” in the Android Enterprise feature control profile configuration to more clearly convey its functionality
- MCMR-14856 - The MAC address displayed in the console changed when devices switched from WiFi to network connections
- MCMR-15913 – Battery status was listed as “Unknown" in the console when a device was charging
- MCMR-16066 - In some load balanced environments with multiple deployment servers, remote control experienced difficulties connecting to devices
- MCMR-16102 – Uninstalling a mandatory application on Android Plus devices did not trigger an alert
- MCMR-16154 – Fixed Japanese localization issue
- MCMR-16185 - The Deployment Server failed to configure custom data on device in multiple server environments if the server version differed on one or more servers.
- MCMR-16259 – Devices were enrolled with duplicate device names
- MCMR-16631 – NetMotion VPN was not being configured on Android devices correctly
- MCMR-17379 – The device Bluetooth MAC address did not appear in the console
-
Release v14.3 -- Build 3144 -- February 25, 2019
- v14.3.4 Build 1087 on June 10, 2019
- v14.3.3 Build 1111 on May 07, 2019
- v14.3.2 Build 1171 on April 16, 2019
- v14.3.1 Build 1189 on April 02, 2019
- v14.3.0 Build 3144 on February 25, 2019
- MD5 Checksum: 397f834d767a389edb7f8834a7089135
Please note: We strongly recommend following the standard IT change control practices and testing of product upgrades in pre-production environments.
Contact SOTI's Professional Services and Support Team or visit the product documentation for information on proceeding with your upgrade.
Release Highlights
- Administrative Console Redesign
- Android Enterprise Recommended
- New Android Agent Delivery Service
- Enhanced Linux Device Management
- macOS Device Management Improvements
- Enhanced Identity Provider Support
- New Features for SOTI Apps
Administrative Console Redesign
Packages and Profiles
MobiControl v14.3 continues the redesign of the administrative console with Profiles and Packages, bringing new features, while maintaining the familiarity and simplicity that our customers enjoy.
Android Enterprise Recommended
MobiControl is now Android Enterprise Recommended. Businesses can rest assured that selecting SOTI as their EMM will provide them with the latest features for their businesses to operate with ease while keeping their devices and data secure.
Feature highlights include:
- SafetyNet Support, Administrators can execute alerts based on the integrity of their devices determined by Google's SafetyNet
- Factory Reset Protection, Administrators can allow certain individuals to unlock devices after a factory reset to ensure security of their valuable data
- Disabling all System UI Device Feature Control, Administrators can disable system UI to ensure that there are no interruptions for device users during daily operation
General
- Android Debug Logs can be retrieved from devices via the Download Logs dropdown
- Additional Authentication Payload Password Criteria:
- Minimum number of numeric characters
- Minimum number of letters
- Minimum number of lowercase letters
- Minimum number of uppercase letters
- New Password Quality Option: Biometric
- New User Password Policy: Disable Lock Screen
- Factory Reset Protection Profile has been added, allowing admins to set recovery accounts on their android devices.
- Administrators can now utilize SafetyNet to determine the integrity of their devices
- A SafetyNet Attestation Status alert has been added to ensure admins can be kept updated on the integrity of devices.
- New Device Feature Controls
- Always-on VPN
- Disable All Account Creation
- Disable All System UI
- Disable Mounting Physical Media
- Disable USB File Transfer and USB Storage
- Disable Verify Apps Enforcement
New Android Agent Delivery Service
MobiControl administrators can now download OEM Android agents directly from within MobiControl console, eliminating the need to manually inject Android device agents into the MobiControl database. Administrators can choose to download only the latest agents of the device manufacturers and models that are relevant to their deployments.
Enhanced Linux Device Management
Alternative Enrollment Method for Linux Devices
Administrators can now enroll Linux devices using an Enrollment URL. Users can download the agent installer file to enroll their devices, simply by navigating to an enrollment URL.
OS Update Management via Device Actions
- Scan for OS Updates
- Update OS
Access Web Based SSH terminal from SOTI Assist
MobiControl administrators can now access the device's SSH terminal during a remote control session.
Device Web Console access from SOTI Assist
Generally, devices with no UI are provided with a Web Console from the device manufacturer in order to manage the device. Typically, these web consoles are hosted on the device and cannot be access unless you are on the same network as the device. From 14.3.0, you can access Device Web Console during a remote control session without having to be on the same network as the device.
New Profile Configuration
- Application Run Control - administrators can blacklist apps on the device
Linux agent for Zebra RFID readers FX7500 and FX9600
The Zebra RFID Linux agents support the following features:
- Application life Cycle Management
- Install application through packages
- Uninstall applications
- See the list of "Installed Applications" in the device information panel
- Restart an application on the device if it has crashed due to any unexpected errors
- Firmware Update
- Soft Reset the device from MobiControl Admin Console
- File transfer
- Generate alerts on the basis device events and status
- Support for Out of Contact profile configurations
- Access to Zebra Web Console remotely from a remote control session
We have also integrated APIs provided by the Zebra Firmware to fetch the following values from the Zebra device:
- CPU Utilization, Up time
- Flash Available, Ram Total, Ram Used, Ram Available, Ram Info
- Antenna Status. Connectivity type, Time Zone
- Reader IP Address, Client IP Address, LLRP Server IP, LRD Server IP
- Location, Reader name, Reader Serial number
- Actual PA Temperature (Data)
- Radio Firmware Version
- Antenna Status
- Radio Firmware Version
- Ambient Temperature Critical Alarm Count
- PA Temperature High Alarm Count
- PA Temperature Critical Alarm Count
- Forward Power High Alarm Count
- Forward Power Low Alarm Count
- Reverse Power High Alarm Count
- Echo Threshold Alarm Count
- Database Warning Count
- Database Error Count
- PIO Information Count
macOS Device Management Improvements
macOS Agent Enrollment
Adding a device agent to devices that were originally enrolled without an agent is quick and easy. Simply install the device agent on the device and it will automatically pull enrollment information from the device to configure itself.
Support for Deploying New Application Types
Administrators can now deploy two new application types to their macOS devices via an application catalog rule:
- macOS application bundles (.app)
- Apple disk image (.dmg)
Other Features
- Support for Alert rules
- Support for custom attributes
- New device actions
- Soft Reset
- New profile configurations
- User
- Security and Privacy (General)
- Security and Privacy (Privacy)
- Finder
- Parental Control
- Printer
- Login Windows
- Dock
- XSAN Storage
- Extensions
- Desktop and Screensaver
- VPN (F5)
- VPN (Custom SSL)
- Device
- Security and Privacy (General)
- Security and Privacy (Privacy)
- Finder
- Firewall
- FileVault
- Energy Saver
- Time Machine
- Finder
- Parental Control
- Printer
- Login Items
- Login Windows
- Dock
- XSAN Storage
- Extensions
- Software Update Server
- Kernel Extension Policy
- Desktop and Screensaver
- VPN (F5)
- VPN (Custom SSL)
- User
Enhanced Identity Provider Support
Azure
MobiControl administrators can now use Azure Active Directory (AD) as the Active Directory connection for either Azure Identity Providers (IdPs) or third-party IdPs. When an IdP is backed by an Azure AD, MobiControl uses Azure graph APIs to query Azure AD to retrieve user group information. With an IdP connected with cloud-hosted Azure AD, you get both the federated authentication features of the IdP as well as the update capabilities of the directory service.
Device Enrollment
MobiControl administrators can now enroll iOS and Android devices using any SAML 2.0 IDPs (including Azure), with or without an active directory connection (on-premises and cloud-based Azure AD). For Android and iOS, MobiControl promotes use of Federated Authentication through an IdP.
Elastic Search and Profile Targeting
MobiControl administrators can search for iOS and Android devices based on IdP membership. They can also assign profiles based on IdP membership.
Note: If you are using an IdP without directory service connection (on-premises AD or Azure AD, which communicates with MobiControl through Microsoft's Graph API) MobiControl cannot regularly query the IdP for user information.
New SOTI Apps Features
SOTI Hub
New Content Repository
Administrators can now provide access to the Box cloud content management service via SOTI Hub. SOTI Hub agents will have the ability to view, download and search files and folders from this repository.
New Content Creation Support
Devices users can now create content from within the SOTI Hub agent. Content creation features include:
- Creating new content (Documents, Slides, Excel Sheets and Images)
- Uploading of new content on the supported repositories
- Creating and saving new content locally in My Files
- Setting data leakage policies (Copy and Paste, Share, and Print) on new content saved locally
Remote View Support
MobiControl has added support for remote view features to iOS devices, which allows administrators to remotely view the SOTI Hub app.
General Improvements
General
- Improved search capabilities:
- Increased performance on advanced search to provide more accurate data
- Updated MobiControl certificate key lengths to SHA2 with 1024 key size
- Expanded delivery options for Send Script device action
- Added ability to delete Management Server and Deployment Servers from the MobiControl Console. You cannot delete the last Management Server or Deployment Server
- Added ability to restrict packages to installing only within a set time window
Administrative Console (User Interface)
- Added ability to export Profiles and Packages data to a spreadsheet (CSV), with customizable properties to cater to different reporting needs.
- Added ability to review history of a profile, that is the configurations, packages and assignment targets of previous versions of a profile.
- Added ability to download the .pcg file of a package from the console
Android
- Added new profile configuration: Task Scheduler which allows administrators to schedule the execution of device side scripts
- Administrators can now send Android Enterprise packages to work profile devices
iOS
- Improved search and update functionality for Apple VPP B2B applications
- Added new DEP options:
- Disabled device activity until device is configured by MDM
- Added new skip screen options
- Added new options to Restrictions profile configuration including but not limited to:
- Force Date and Time to be set automatically
- Prevent Password AutoFill
- Prevent password sharing
REST API
The following REST APIs were introduced in MobiControl 14.3:
- Device Groups (POST)
- Set wallpaper on a group of devices
- Devices (DELETE)
- Delete user from devices based on device ID.
- Identity providers (GET)
- Users
- Connections
- Logs (GET)
- Available agent log types
- Events
- Group
- Device summary
- Group summary
- Packages
- List of packages (GET)
- Delete package (DELETE)
- Package execution statuses (GET)
- Logs (GET)
- Log summary (GET)
- Package statuses (GET)
- Download a specific version of a package (GET)
- Version (GET)
- Delete version based on version string (DELETE)
- General file download (GET)
- Product
- End user license agreement (GET)
- License file (PUT)
- Registration code (PUT)
- Profile
- List of profiles (GET, POST)
- Detail of specific profile (GET, DELETE)
- Profile actions - disable, retry and revoke (POST)
- Profile assignment (GET, PUT)
- Device assignment summary (GET)
- Draft profiles - description and name (PUT)
- Logs and log summary (GET)
- Packages (GET, PUT)
- Versions - profiles (GET)
- Version numbers of profile packages, profile payloads (GET)
- Reports
- Packages (GET)
- Email package report (POST)
- Profiles (GET)
- Email profile report (POST)
- Search
- Health (GET)
- Security
- Assets - rights, user rights (GET, PUT)
- Catalogue item rights (GET)
- Permissions (GET)
- Groups (GET)
- User catalogue item rights (PUT, GET)
Known Issues
- MC-68693 - When upgrading MobiControl to 14.3.0 from a previous version, Cloud Link agents must be upgraded separately. This affects all LDAP communication
-
Release v14.2 -- Build 2894 -- November 01, 2018
- v14.2.4 Build 1003 on March 21, 2019
- v14.2.3 Build 1069 on February 13, 2019
- v14.2.2 Build 1170 on January 14, 2019
- v14.2.1 Build 4394 on December 03, 2018
- v14.2.0 Build 2894 on November 01, 2018
- MD5 Checksum: 2d0beecc9860f9b34f0f341822032267
Please note: We strongly recommend following the standard IT change control practices and testing of product upgrades in pre-production environments.
Contact SOTI's Professional Services and Support Team or visit the MobiControl Documentation Set for information on proceeding with your upgrade.
Release Highlights
- Introduced Support for Microsoft HoloLens
- macOS Device Management Improvements
- Enhancements to Linux Device Management
- SOTI Apps Improvements
- Syslog Server Integration
- New iOS Remote Screen Sharing
Introduced Support for Microsoft HoloLens
MobiControl v14.2 allows you to enroll and manage Microsoft HoloLens devices with the following device management capabilities:
- Profile Configurations
- Root Certificates
- Client Certificates
- SCEP
- Application Run Control
- Modern VPN
- WiFi
- Device Actions
- Check-in
- Lock
- Other device actions consistent with those present on the Windows Modern platform
- Support for deployment of Windows Modern applications via Application Catalog rules
macOS Device Management Improvements
MobiControl v14.2 provides significant improvements in management of macOS devices. You can now enroll macOS devices with a MobiControl device agent, which offers greater device management features including remote view with chat and file browsing functionality, location tracking, access to application catalog, a message center and more.
Other features new in MobiControl v14.2 for macOS include:
- Profile Configurations
- User
- Accessibility
- Fonts
- Managed Domains
- Proxy Profile
- Restrictions
- Device
- Directory
- Fonts
- Managed Domains
- Proxy Profile
- User
- Device Actions
- Scan for OS Updates
- Send Message
- Update OS
- Support for Self Service Portal
Enhancements to Linux Device Management
Improvements to Linux device management in MobiControl v14.2 include:
- Profile Configurations
- Application Run Control
- Out of Contact
- Advanced Configurations
- Connection Settings
- Script Commands
- ./mobicontrol -connect to connect device agent to MobiControl server
- Silent installation of packages
SOTI Apps Improvements
SOTI Surf
The following improvements were made to SOTI Surf:
- Changes to the SOTI Surf profile configuration
- Applications Settings: Control which SOTI Surf application settings are available to the device user
- New Privacy Settings
- Disable bookmark creation
- Clear browser history on launch
- Integration with iOS Web Clips: Use a SOTI Surf launch decorator (surf://) to force URLs to open in the SOTI Surf browser
- Improved dialing interaction: On Android devices, SOTI Surf pre-populates phone app when phone number is tapped in browser, rather than auto-dialing
SOTI Hub
MobiControl administrators can now control if device users can copy and paste content while editing documents in SOTI Hub.
The SOTI Hub app has been redesigned to improve the user interface of File or Folders in All Listing and the Details screens.
Syslog Server Integration
An enhanced logging capability has been introduced by including the following Syslog Servers:
- Linux Rsyslog (UDP, TCP with TLS)
- Splunk (UDP, TCP with TLS)
- Kiwi (UDP, TCP with TLS)
Event logs generated by MobiControl are sent to an external Syslog server. These events include information about administrative actions executed in the Web console, logs for MobiControl server events, as well as logs for device events. The logs are found under each device's Logs panel, as well as in the Security and the Servers tabs of the legacy console.
New iOS Remote Screen Sharing
You can now leverage the Screen Recording functionality introduced in iOS 11 to Remote View an iOS device and troubleshoot issues in any application on the device.
General Improvements
General
- Improved %AUTONUM% macro to allow administrators to set the number of leading zeros
- Added new system alert option for low license warning
- Added ability to assign third-party certificates in MobiControl to secure communication between MobiControl and the Identity Provider
- Added ability to download MobiControl Identity Provide public certificate
- Added ability to email csv file of Devices list
- Added bulk import of mappings for device relocation rule via csv file
- Added ability to bulk import custom attributes via csv file
- Preserved device name after un-enrollment and re-enrollment - not support for Printers
- Changed MobiControl registration code field to read-only on MobiControl Cloud installations
Administrative Console (User Interface)
- Added new Packages section under Configurations tab in the Device Information panel
- Redesigned Devices List grid as reusable component to improve cross-browser support, UI responsiveness and overall performance
- Modified the horizontal scroll bar to persist at the bottom of browser window so users do not need to scroll to bottom of Device list
- Removed grey overlay that appeared when resizing MobiControl in a browser
Android
- Removed Enter URL option from Application Catalog rule for Android Plus for Google Play Store applications and Managed Google Play Store applications
- Added Single App Mode functionality to Lockdown profile configuration
- Added new profile configuration: Managed Google Play which allows administrators to control how Managed Google Play apps function on device
- Added macros for use within the Managed Application configuration to simplify the distribution and configuration of apps from Managed Google Play store
Android Enterprise
- Added ability to approve Managed Google Play Store apps directly within the Application Catalog wizard
- Added ability to delete equivalent app collection from Google Play Store if App Catalog rule is deleted in MobiControl
- Added new profile configuration: APN
- Added Speed Control functionality to Kiosk Mode profile configuration
iOS
- Improved Update OS device action with ability to target specific OS versions
- Added Bluetooth Settings advanced configuration
- Added new settings to Wipe device action
- Skip Proximity Setup panel in Setup Assistant
- Preserve Data Plan
- Added ability to automatically push an updated version of an application via Application Catalog rule
- New Device Actions
- Update MDM Profile
- Play Sound
Windows Modern
- New Profile Configuration: Assigned Access - Configurations
- Added support for devices running Windows 10 Redstone 1 or Redstone 2 for Windows Health Attestation Report
- Added new options to Wipe device action
- Wipe and Persist Data
- Wipe and Persist Provisioning Data
- Protected Wipe
REST API
The following REST APIs were introduced in MobiControl v14.2:
- Android Firmware Upgrade
- Available firmware versions (GET)
- Licenses (GET, POST)
- Groups (GET, POST)
- GroupID (DELETE)
- Set upgrades (POST)
- Device Groups
- Members notes (GET)
- Notes (GET)
- Notes reference ID (PUT, DELETE)
- Path (PUT)
- Devices
- Device ID notes (GET, POST)
- Device ID notes reference ID (PUT, DELETE)
- Device ID package installation info (GET)
- Device ID TPM versions (GET)
- Compatibility action context (POST)
- Custom attributes upload (POST)
- Device users (POST)
- Devices search (GET)
- User Directories
- Connections (GET)
- Email Profiles (GET
- Geofences
- Name (GET, PUT, DELETE)
- Summary (GET)
- Reports
- Devices actions email report (POST)
- System Configurations
- Syslog (GET, PUT, DELETE)
- Syslog tests (POST)
Bug Fixes
- MC-60190 - Security policy was cached and validation was using rights of the wrong user
- MCMR-11717 - MobiControl Archive grew rapidly as main logs are copied to archive database multiple times
- MCMR-13341 - Package information in the Packages tab does not include internal build version
- MCMR-13945 - Device list view showed time in UTC as opposed to the time configured on the server
- MCMR-14110 - Could not provision packages larger than 200 MB to Windows Desktop
- MCMR-14273 - Logon URL at /oauth/logon returned a server error when accessed after SOTI Assist is installed
- MCMR-14333 - MobiControl Search service did not start when machine name was changed
-
Release v14.1 -- Build 1152 -- January 31, 2018
Revisions
- v14.1.8 Build 1064 on September 04, 2018
- v14.1.7 Build 1101 on August 13, 2018
- v14.1.6 Build 1113 on July 24, 2018
- v14.1.5 Build 1284 on June 20, 2018
- v14.1.4 Build 1693 on May 29, 2018
- v14.1.3 Build 1587 on April 30, 2018
- v14.1.2 Build 1937 on April 02, 2018
- Original Release v14.1.0 Build 1152 on January 31, 2018
- MD5 Checksum: ff274db8884bc30f1b2c82bbaca15615
Please note: We strongly recommend following the standard IT change control practices and testing of product upgrades in pre-production environments.
Contact SOTI's Professional Services and Support Team or visit the MobiControl Documentation Set for information on proceeding with your upgrade.
Release Highlights
- Adds support for macOS device management
- SOTI hub support for SharePoint Online, OneDrive and One Drive for Business
- SOTI hub document editing and checkin/checkout capability
- Improvements to the redesigned administrative console introduced in v14.0
macOS Device Management
Introduces support for the enrollment and configuration of macOS devices. Ideal for BYOD deployments of macOS, MobiControl’s device management includes but is not limited to:
- Self service web-based enrollment
- Asset inventory and device lifecycle actions such as Lock, Wipe, and Unenroll
- Device and user configuration such as Email, Calendar, Ethernet/WiFi, VPN, Authentication, Certificate installation, and feature restrictions.
SOTI hub
Expanded Document Repository Support
Introduced support for SharePoint Online, OneDrive, and OneDrive for Business as SOTI hub repositories.
Document Editing and Check Out Support
Adds support for editing documents stored in SharePoint 2013 (On-premises), and SharePoint Online, where the administrative data leakage policy has been set to allow editing.
- Support for editing .doc, .docx, xls, xlsx, .ppt, .pptx
- Support for highlighting and annotating .pdf
- Support document check out and checkin on the supported repositories
Administrative Interface Improvements (New UI)
Device Information Update Notification
The Device List and Information panel will now present a notification to indicate that information about one or more devices in the present view have been updated, and provides the opportunity for the administrator to update the device information.
Keyword Device Search
Removes the option to toggle “Advanced Search” on or off, and adds the ability to search by “Keywords” in the search input dialog. Keyword search allows for rapid value search without having to select a device property, effectively the same as advanced search being toggled off.
Improved Search Input
- Improved date and time entry by providing a date and time picker
- Improved value presentation when using the “between” operator
- Added input validation for values by property type
General Improvements
- Added the ability to view a full event device event log by double clicking on the event
- Improved consistency of search/filter dialogs when there are no search results
- Added “Preferences > Reset Console” option that allows an administrative user to reset user-specific preferences and configurations such as Saved Searches, Charts, etc. to default values.
- Added a short delay to device group expansion when dragging devices over device groups.
- Added the option “Ask me every time I start a session” to the “Preferences > Remote Control” dialog allowing an administrator to choose the remote control console of their choice each time.
iOS
- Improved Payload statuses for iOS to show “Partially Installed” and improved events logs when a profile failed to install
- Added “Restart” and “Shutdown” device actions
- Restored the “Provisioning Profiles” information table that was available in v13 and earlier environments.
- Added support for the following options in the “Restrictions” profile configuration:
- Disable AirPrint
- Disable keychain storage and AirPrint credentials
- Require TLS for AirPrint
- Disable iBeacon discovery for AirPrint
- Disable System app removal
- Disable creation of VPN configurations
- Disable modifying Notification settings
- Disable modifying Bluetooth settings
- Disable modifying Diagnostic and Usage Data Settings
- Disable remote view by Classroom app
- Disable Apple Music Radio
- Disable dictation input
- Restrict joining WiFi networks
Windows Modern
- Adds support for location-based geo-fencing on Windows 10 devices enrolled as “Windows Modern” devices.
General
- Added option in Certificate Template configuration to remove expired certificates from the system upon renewal (released in v13.4)
- Auto generate new root certificate (MC-35187)
Deprecations
- Removed the “TCP/IP Direct” option from the “Remote Control Connection” advanced setting dialog (option unsupported since v12.0).
Bug Fixes
- MC-48009 - Resolved an issue that would cause the Management Service to crash when renewing authentication tokens
- MC-42146 - Resolved an issue that would prevent an administrator from viewing “Advanced Settings” in a device information panel if the administrator didn’t have the “Show absolute device group paths” permission
- MC-40453 - Corrected accuracy of the password length password requirement in “Change Password” dialog
-
Release v14.0 -- Build 4905 -- October 31, 2017
Revisions
- v14.0.2 Build 1226 on December 12, 2017
- v14.0.1 Build 1674 on November 28, 2017
- Original release v14.0.0 Build 4905 on October 31, 2017
- MD5 Checksum: f2c3dad92181c12964f09748d6f3e612
Please note: We strongly recommend following the standard IT change control practices and testing of product upgrades in pre-production environments.
Contact SOTI's Professional Services and Support Team or visit the MobiControl Documentation Set for information on proceeding with your upgrade.
Release Highlights
- Redesigned Administrative Console
- Support for Linux Device Management
- Simplified Android Enterprise Enrollment and Application Distribution
- iOS Software Update Management
- Bulk Enrollment of Windows 10 Devices
- Expanded Public API Support
- Improved Product Documentation
Redesigned Administrative Console
MobiControl v14 introduces a re-designed administrative console that incorporates the administrative needs of a broadening mobility landscape, while maintaining the familiarity and simplicity our customers enjoy of MobiControl. Refer to the MobiControl v14 Administrative Console Transition Guide for a complete list of capabilities and differences.
Improved Search
Search for devices using over 150 device properties. Create granular queries with or without Boolean logic to isolate specific devices of interest quickly and easily.
Charts
Display real-time and customizable charts that visually summarize your entire device fleet, a device group or search results.
Data Export
Export device search results to a spreadsheet (CSV format), with customizable device properties to cater to different reporting needs.
Bulk Actions and Action Compatibility
Execute actions across one or more devices and obtain advanced warning if a device may not receive the action request because of compatibility or user privileges.
Other Notable Changes and Improvements
- Virtual groups with filter criteria can now contain multiple statements for more granular filtering.
- Announcements provide administrators with information pertaining to their MobiControl environment and product information from SOTI.
- Support for bookmarking devices and/or specific search queries in the new console.
- Support for branding the title bar of the MobiControl console with a logo.
- Improved interface for assigning users to devices.
- Improved interface for setting Custom Attribute values for devices and device groups.
- Address of device location is now populated in the Location information panel.
- Application run control now available for Android Enterprise devices.
Support for Linux Device Management
MobiControl v14 introduces the EMM industry’s first management option for Linux devices, including support for:
- Remote control for remote troubleshooting
- Bidirectional file synchronization and package deployment for transferring files
- Custom Data definitions and data collection to monitor extended device information
- Execution of Linux shell scripts to automate and execute common Linux tasks
MobiControl manages Linux devices running either Ubuntu 16.10 or later or devices running Raspbian 8.0 or later.
Simplified Android Enterprise Enrollment and Application Distribution
MobiControl v14 adds support for Managed Enterprises which consist of user, device and administrator accounts that organize enterprise apps for your Android devices. Managed Enterprises provide a more streamlined enrollment and application deployment experience, particularly in circumstances where devices may not be assigned to a single user, such as kiosk environments. Managed Enterprises support 'device accounts' - accounts intended for single purpose devices - as well as user accounts so you have flexibility to decide how to manage your enterprise app deployment.
iOS Software Update Management
MobiControl administrators can now force the download and/or installation of iOS updates on company owned devices to ensure consistency across your devices and swift resolution of security vulnerabilities without user intervention.
Bulk Enrollment of Windows 10 Devices
MobiControl v14 adds support for the bulk enrollment of Windows 10 devices using certificates and provisioning profiles, and removes the requirement for authenticating as a directory user to enroll Windows modern devices.
Expanded Public API Support
The MobiControl Public API has been expanded in alignment with the features of the new administrative console, including, but not limited to:
- Package upload and distribution through Profiles
- Improved performance when filtering devices by properties
- Summary information about devices to build charts
- Expanded device action support including bulk actions
Refer to the API documentation hosted on your environment for more details on the new API methods.
Improved Product Documentation
The documentation for MobiControl v14 has been restructured to more logically group information. Additionally, we have split the documentation into a series of books, each of which focuses on a different component of MobiControl. Visit the MobiControl Documentation Set to learn more.
General Improvements
- Added a new “Target” device group permission that limits a particular administrator’s ability to deploy Profiles and Rules to selected Device Groups.
- Added official support for hosting MobiControl on Microsoft Windows Server 2016 and Microsoft SQL Server 2016 for the MobiControl database.
Deprecations
- Indoor location of devices when using Aruba AirWave is no longer available
- Sending SMS messages through another device is no longer available
- Sending messages exclusively through Platform Notification Service is no longer available
- The ability to locate multiple devices simultaneously on a map is no longer available
- The ability to upload APNS certificates through MobiControl Administration Utility has been removed in favor of the existing method via “Global Settings” in the administrative console
- Legacy APIs (those not documented on /MobiControl/API) have been removed
- Removed the “Device Configured” alert from Alert Rules
- Removed the ability for local administrative users to recover their password via pre-defined security questions using the “Forgot Password” link on the login page
- For security reasons, the login page will no longer warn of the number of login attempts remaining when incorrect credentials are provided for a user
- Identifying “agent-less” iOS devices in the device list have been removed
- The “View Absolute Device Group Path” permission now only applies to the device group tree – the device information panel and device grid will show the full path regardless of the user’s permission to view the groups in the path
- Custom Data names must now be unique globally rather than unique by platform – existing names remain unedited however search may return unexpected results without global uniqueness
- Some actions can no longer be executed on a device group
- iOS provisioning profiles are no longer visible in the Installed Applications information panel
- Removed the ability to upload device users and Custom Attributes in bulk using a CSV file
- Removed the ability to use Baidu as a mapping service for locating devices
Upgrade Considerations
- See the MoibControl v14 Upgrade Guide for a more comprehensive overview of the differences between MobiControl v14 and previous versions
- “HTML5” remote control has been renamed to “Web-based” remote control, and requires the installation of SOTI Assist – no license is required to use the SOTI Assist remote control with MobiControl
- "Android for Work" has been renamed to "Android Enterprise" and retains the same level of functionality
- Removes official support for Windows Server 2008 and SQL 2008 – R2 still supported, however upgrade will still proceed
- Updated system and network requirements include a new Windows Service for “MobiControl Search”, and a new network communication port requirement between MobiControl servers
- Upgrade requires that the MS SQL user used by MobiControl be granted the sysadmin privileges during the upgrade process
- Agent upgrades are required of Android Enterprise and Windows Mobile/CE, other Android+ devices running MobiControl v13.3 agents are supported and compatible
- Device Action permissions are now more granular; it is advised that you review the administrative model to verify administrative users have the desired permissions
- MobiControl EULA must be accepted by any administrative user before logging into the administrative console
- LDAP that share the same username as a local user must now prefix their username with their domain on the login screen
- LDAP groups used in filter criteria for a virtual group will appear as the LDAP identifier (referred to as “SID”) after upgrade
-
Release v13.4 -- Build 3985 -- November 2, 2017
Revisions
- v13.4 Maintenance Releases
- Original release v13.4.0 Build 3985 on November 2, 2017
Please note: We strongly recommend following the standard IT change control practices and testing of product upgrades in pre-production environments.
Contact SOTI's Professional Services and Support Team for information on proceeding with your upgrade.
Release Highlights
- Simplified Android Enterprise Enrollment and Application Distribution
- Single Concurrent Session Support in MobiControl Console
Simplified Android Enterprise Enrollment and Application Distribution
MobiControl v13.4 adds support for Managed Enterprises which consist of user, device and administrator accounts that organize enterprise apps for your Android devices. Managed Enterprises provide a more streamlined enrollment and application deployment experience, particularly in circumstances where devices may not be assigned to a single user, such as kiosk environments. Managed Enterprises support 'device accounts' - accounts intended for single purpose devices - as well as user accounts so you have flexibility to decide how to manage your enterprise app deployment.
You can create multiple Managed Enterprises in MobiControl to accommodate the structure of your organization.
Single Concurrent Session Support in MobiControl Console
MobiControl administrators can now restrict Console users to running a single active session at a time. When enabled, the existing MobiControl session will terminate immediately if a user initiates a new session. Limiting the number of active sessions a user can run allows administrators to better meet their corporate security standards. This new option is part of MobiControl's Access Control Policies, accessible through Console Security Settings and is turned off by default.
-
Release v13.3 -- Build 2906 -- December 30, 2016
Revisions
- v13.3 Maintenance Releases
- Original Release v13.3.0.2906 on December 30, 2016.
Please Note: We strongly recommend following the standard IT change control practices and testing of product upgrades in pre-production environments. If you do not have such practices in place, please contact SOTI's Professional Services and Support Team for consultation before proceeding with your upgrade.
Release Highlights
- Improved Support for Windows Modern
- Single Sign-On Compatibility
- Zebra StageNow
- Improved Support for Android for Work
- Support for NetMotion VPN
- iOS Improvements
- SOTI surf Enhancements
- SOTI hub Enhancements
Improved Support for Windows Modern
MobiControl 13.3 augmented our support for the Windows Modern platform in the following areas:
Advanced Security
Windows Information Protection
MobiControl v13.3 adds support for Windows Information Protection (WIP), a transparent containment solution that reduces the inconvenience on end users when protecting corporate data by limiting the ability to share data with unapproved applications and network destinations configured by the administrator.
Windows Defender / Advanced Threat Protection
MobiControl v13.3 adds support for ad-hoc and scheduled Windows Defender scanning, and ensuring devices have the latest definitions to ensure threat protection against managed devices. Additionally, support has been added for onboarding of devices to the Advanced Threat Protection Service (ATP). ATP is a subscription cloud-based monitoring service offered by Microsoft to help enterprises detect, investigate, and respond to advanced attacks on their networks. It supplements the security provided by Windows Defender to bring an additional layer of protection to your desktop devices.
Custom Health Policy
Custom health policies expand on the Health Attestation Report feature introduced in MobiControl v13.0 by adding support for defining the security conditions that are vital to your organization and generating alerts whenever a device triggers a warning or failure of those conditions.
Application Deployment
Broader Application Deployment Compatibility
The Application Catalog rule has been extended to support classic Windows desktop applications in *.msi format, to Windows Modern desktop devices.
Windows Companion for MobiControl
Extract application package information necessary for various Windows Modern profile configurations using the Windows Companion utility available for download from the MobiControl Download page.
Secure Communication and Access
Certificate Distribution
The Certificates profile configuration supports distribution of private-key client certificates. For root certificate management on desktop devices, you can now also explicitly target various user or device certificate stores.
Assigned Access
Assigned access is now available for Windows Modern desktop or tablets to restrict user accounts to a single application chosen by the administrator – suitable for kiosk use cases.
Convergence of the Windows Classic Desktop Features on the Windows Modern Platform
The following Windows Classic features are now available for Windows Modern device enrollments leveraging a device agent that is deployed silently during enrollment.
- Remote Control
- File Sync Rule
- Package Deployment via Profiles
- Custom Data and Custom Attributes
Federated Authentication
With the release of MobiControl 13.3, we now integrate with Identity Providers (IdP) using SAMLv2 for authentication to the MobiControl administrative console, Self Service Portal, iOS Profile Catalog, and device enrollment for Android and iOS devices.
Zebra StageNow
Support for out of the box staging as well as in field configuration of Zebra devices via Zebra StageNow - a Windows application that helps organizations configure their latest Zebra devices running Android.
Improved Support for Android for Work
Remote Control and View
You can now Remote Control Android for Work Managed Devices for certain Android OEMs with the installation of a Remote Control plugin, and Remote View any Android for Work Managed Profile devices from the MobiControl Web Console.
New Device Provisioning Method
Adds a simple method of provisioning Android for Work managed devices without individual Google accounts by leveraging the “afw#mobicontrol” token.
New Feature Control option
Disable Multi-User Profiles - available on Managed Devices only
Remote Device Reboot
You can now reboot Android for Work Managed Devices from the MobiControl Web Console.
Support for NetMotion VPN
MobiControl 13.3 adds support for the NetMotion VPN using profile configurations on Android+, Android for Work, and iOS devices.
iOS Improvements
- Devices enrolled in the Apple Device Enrollment Program can now be assigned to specific Add Devices Rules to support different enrollment destinations and Apple DEP enrollment behavior.
- Lost Mode locks and tracks missing iOS devices from the MobiControl Web Console
SOTI surf Enhancements
As of MobiControl 13.3.0.3217
The latest release of MobiControl improves existing functionality and adds new features to the SOTI surf profile configuration and app. You can now restrict web browsing on different network types, set a website as the app home screen, and designate ‘corporate bookmarks’. Improvements to kiosk mode, website filtering, and privacy settings provide increased regulation of the app.
The SOTI surf app now supports download pausing and resumption, bookmark and history searches, and miscellaneous design modifications to improve user experience. On Android devices only, custom URL schemes (File://) and external certificates are now supported. Download the SOTI surf app from the Apple App Store or the Google Play Store.
It is recommended that you also update the ERG component for SOTI surf using the latest SOTI apps installer (available here) whenever you update your SOTI surf app.
SOTI hub Enhancements
As of MobiControl 13.3.0.3623
You can now designate certain files or folders in your content repository as "Mandatory" downloads. These files and folders are automatically downloaded by the SOTI hub app when it connects to the content repository. Mandatory files and folders appear in a separate menu item in the SOTI hub app, allowing device users to easily and swiftly access these important documents. Device users will be unable to remove these files from the app.
Download the SOTI hub app from the Apple App Store or the Google Play store.
General MobiControl Features
MobiControl v13.3 adds the ability to restrict which networks can be used when upgrading a MobiControl agent.
Upgrade Observations
Samsung ELM Agent Migration
The non-ELM agent for Samsung devices is no longer supported. All devices enrolled with the non-ELM agent must be migrated to the ELM agent prior to upgrade. Refer to the online Help documentation for instructions on the migration process.
Event Log Archival Database
MobiControl 13.3 introduces a second database for event log archival. Event logs older than 48 hours will be moved to this database daily. MobiControl database access permissions must include the ability to create databases or the upgrade will fail.
Android 2.3 (Gingerbread) Deprecation
MobiControl 13.3 will not support devices running Android 2.3.
-
Release v13.2 -- Build 3081 -- August 31, 2016
Revisions
- v13.2 Maintenance Releases
- Original Release v13.2.0.3081 on August 31, 2016
Please Note: We strongly recommend following the standard IT change control practices and testing of product upgrades in pre-production environments. If you do not have such practices in place, please contact SOTI's Professional Services and Support Team for consultation before proceeding with your upgrade.
Release Highlights
- Expanded Suite of SOTI apps
- Improved Android for Work Support
- Additional MobiControl API Functionality
Expanded Suite of SOTI apps
Our suite of internal mobile applications was designed to work with MobiControl and reduce many of the obstacles inherent in providing protection for your data across multiple mobile devices in specialized distributions.
SOTI hub
The SOTI hub app provides a secure gateway between your enterprise content and your employees’ mobile devices. Originally released with MobiControl 12.2, SOTI hub in MobiControl 13.2 offers several improvements in functionality and compatibility. You can now configure SharePoint 2013 (On Premise) content repositories for SOTI hub.
The latest version of the SOTI hub app also includes an integrated viewer that allows MobiControl administrators to restrict the distribution of enterprise content to the SOTI hub app. Further improvements include, but are not limited to, full compatibility with iOS devices, improved search capability and a design refresh for the mobile app.
SOTI hub is compatible with devices running Android 4.1 or later, or iOS 8 or later.
SOTI surf
The SOTI surf app combines a fully functional mobile browser with a variety of security features. Take advantage of our enterprise resource gateway to encrypt all traffic passing through the SOTI surf browser. It provides safe access to your internal network, allowing device users to seamlessly switch between internet and intranet. Additional security features include support for LDAP authentication, web site and content filtering and numerous data leakage prevention options that restrict browser features with the potential for security breaches.
SOTI surf is available on devices running Android 4.0 or later, or iOS 8 or later.
Settings Manager
MobiControl administrators can now create a Settings Manager profile configuration to determine which device settings are available to device users in Lockdown mode.
Settings Manager is available on devices running Android 4.1 or later.
Improved Android for Work Support
MobiControl 13.2 bolsters our support of Android for Work-enabled devices with the following new or improved features:
Android 7.0 Support
Our Android for Work agent fully supports Android 7.0.
Streamlined Device Provisioning
Get your Android for Work devices ready faster than ever. You can now use NFC to automatically receive enrollment information, speeding up the provisioning process.
Furthermore, you can now disable the Google account requirement during the enrollment process of Managed Devices -- useful for devices with multiple users.
Package Deployment via Profiles
MobiControl now supports package deployment via profiles to Android for Work Managed Devices.
Enhanced Profile Configurations
The Android for Work Email profile configuration adds the ability to configure options for S/MIME encryption and to limit a device user’s ability to open email attachment over a specified threshold.
The Feature Control profile configuration has expanded to provide options that control a device user's ability to modify certain device settings.
Enterprise Binding
The procedure for unbinding Google’s MDM tokens from MobiControl has been simplified. Active application catalog rules on the account are now displayed before the unbinding succeeds.
Additional MobiControl API Functionality
MobiControl 13.2 adds several capabilities to our RESTful web service APIs, including the ability to:
- Retrieve server information and status
- Send scripts to device actions
- Provide a list of all profiles assigned to a device
- Install and revoke profiles to a specific device
Upgrade Considerations
Generic Android Tab Deprecation
The Android+ platform is now capable of fully supporting those devices previously categorized as generic Android devices. Therefore, the generic Android platform tab will no longer appear on new installations of MobiControl beginning with MobiControl 13.2. If you are upgrading from a previous version of MobiControl and your system contains generic Android devices, you will continue to see the generic Android tab.
-
Release v13.1 -- Build 5200 -- May 16, 2016
Revisions:
- v13.1 Maintenance Releases
- Original Release v13.1.0.5200 on May 16, 2016
Please Note: We strongly recommend following the standard IT change control practices and testing of product upgrades in pre-production environments. If you do not have such practices in place, please contact SOTI's Professional Services and Support Team for consultation before proceeding with your upgrade.
Release Highlights
Enhanced Apple Volume Purchase Program
The Apple Volume Purchase Program (VPP) is designed to simplify application licensing across a large number of devices. It enables organizations to purchase application licenses in bulk, saving on cost, time, and effort. In version 13.1 of MobiControl, we are pleased to announce increased support of VPP with the addition of the following new features:
- VPP Managed Distribution - Device Based Assignment
- Manual Reconciliation of Licenses
VPP Managed Distribution - Device Based Assignment
Device-based assignment adds significant flexibility to the Managed Distribution program. Previously, application licenses were tied to an Apple ID which could make license management difficult in certain circumstances - such as when there are multiple users over a device's lifetime. With the introduction of device-based assignment, you can now assign application licenses directly to devices. Using device-based assignment requires no additional effort and switching between Apple ID based and Device-based assignment is quick and easy.
Manual Reconciliation of Licenses
MobiControl 13.1 adds the ability to manually reconcile any licenses that are technically unattached to a device but remain unavailable until after the completion of nightly maintenance. Now you can force an audit on the statuses of your licenses at any time with the click of a button.
Increased API Functionality
MobiControl API now supports the ability to locate devices that are assigned to a specific user and the ability to set custom attribute values at the device level.
Server Configurations
VPP Account Ownership
An Apple VPP account allows you to easily manage your application purchases and license distribution. Some organizations find it useful to share a single Apple VPP account across multiple MDM deployments to satisfy their unique requirements. VPP Account Ownership alleviates any confusion such a division of accounts can cause. With Ownership, any changes regarding your application licensing can only be completed by one MDM at a time. MobiControl 13.1 provides a clear indication of Ownership status, allows you to easily regain Ownership and updates you whenever Ownership is transferred. You'll never have to worry about license distribution conflicts again.
Upgrade Considerations
Android Agents Compatibility
- All v13.0 Android agents are compatible with the v13.1 release and no upgrade of Android agents is required.
Apple VPP
- The application publisher must enable "device-based assignment" on their app for IT administrators to take advantage of this feature.
- Device-based assignment is supported only on devices running iOS 9 or later.
- Excessive requests to the Apple VPP server will generate a 'Retry After' message, instructing the user to wait until after the period of time specified in the error message has passed before attempting to contact Apple servers again.
Updated Reporting Engine
- If you receive an Activation Message while attempting to generate reports after upgrading to 13.1, ensure that your MobiControl is correctly activated. Refer to MobiControl Help for more information on Activation.
-
Release v13 -- Build 33604 -- December 31, 2015
Revisions:
- v13.0 Maintenance Releases
- Original Release v13.0.0.33604 on December 31, 2015
Please Note: We strongly recommend following the standard IT change control practices and testing of product upgrades in pre-production environments. If you do not have such practices in place, please contact SOTI’s Professional Services and Support Team for consultation before proceeding with your upgrade.
Release Highlights
- Improved Android for Work Support
- Improved Support for Windows Modern Devices
- MobiControl APIs
- Package Deployment via Profiles
- Redesigned Self Service Portal
Improved Android for Work Support
MobiControl now provides expanded support for corporate owned, personally enabled (COPE), corporate owned, business only (COBO) and purpose-built, rugged devices within the Android for Work framework. Customers can now take advantage of streamlined provisioning and consistent manageability of Android devices while maintaining full control of the device.
MobiControl 13 support for Android for Work Managed Devices includes all the existing Profile configurations available for Android for Work Managed Profile devices in previous versions and expands on those capabilities with:
- Managed Profile
- Kiosk Mode (Available for devices running Android 6.0 or later)
- New Feature Control settings
- Manage Bluetooth
- Disable Camera
- Disable Factory Reset
- Disable Safe Boot
- Disable Smart Lock
- Manage WiFi
- Data Roaming
- Disable USB File Transfer
- Support for Work Account-enabled Provisioning
- End-users activating a brand-new device using a Work-managed Google account are automatically provisioned with the MobiControl Agent.
- Support for device provisioning via NFC
Improved Support for Windows Modern Devices
With the launch of MobiControl 13, we now provide support Windows 10 Mobile, Mobile Enterprise and IoT Mobile Enterprise operating system Editions on top of our previous support for Windows 10 Pro, Enterprise, Education and Home Editions. Windows 10 Mobile devices are managed from the Windows Modern platform, alongside Windows 10 Desktop, Windows Phone 8.0 and 8.1 devices. Due to operating system differences, not all features within the Windows Modern platform are available on every type of device.
All Windows Modern devices can now take advantage of the Microsoft Azure Active Directory (AD) service as an alternative to On-Premise AD. Azure enrollment allows end-users to enroll their devices over the air rather than requiring their presence on the company network. Secondly, Azure can streamline the MDM enrollment process as part of the out-of-the-box new device initialization workflow, if the device is initialized with Azure AD credentials.
Also new in MobiControl 13 is phase one of the Device Health Attestation feature which enables IT administrators to assess the security health of managed devices through MobiControl. Health is determined based on reports verified and published by the Microsoft Health Attestation Service which MobiControl displays in the device log. A device health reports is submitted by every device on each check in. Future phases will utilize the reported parameters for additional security compliance management features.
The following new features have also been added for improved Windows 10 support in MobiControl:
- Application Catalog Rule
- Modern Enterprise Applications for Windows 10 devices (Mobile and desktop)
- Enterprise Applications (Available for Windows Phone 8.1 only)
- New Device Configurations
- Application Run Control
- Authentication for Windows 10 Desktop
- Modern VPN (Legacy VPN available for Windows Phone 8.1 only)
MobiControl APIs
Customers can now use MobiControl APIs to create and integrate device management functions into their business workflows around inventory device management, data migration and device lifecycle management. Our set of RESTful web service APIs not only provides comprehensive documentation but also allows developers to immediately assess viability within their specific environments using an interactive test platform.
Package Deployment via Profiles
In MobiControl v13 the method by which administrators distribute packages to managed devices uses the profiles feature introduced in MobiControl v12. The new process creates a single point of origin for all your device provisioning. Packages are created and uploaded to MobiControl via the usual methods but are now deployed to devices from within a profile, alongside device configurations.
Redesigned Self Service Portal
MobiControl’s Self Service Portal grants end-users the ability to quickly and easily solve minor issues with their devices. End-users can locate, lock, wipe and perform other simple tasks for their associated devices, removing IT intervention from the process. Furthermore, new security permission levels within MobiControl allow administrators to limit how much access end-users have to Self Service Portals actions.
Upgrade Observations
Migrating Package Deployment Rules to Profiles
When you upgrade to MobiControl v13, your existing package deployment rules are automatically migrated to profiles. For more information about the migration process, see the Package Rules to Profiles Migration Guide.
Window Modern
- It is recommended that customers disable Runtime Provisioning during MDM enrollment of devices because it may cause interference during the enrollment process. Limit the use of Runtime Provisioning to pre-provision operations prior to MDM enrollment.
- The WiFi Hotspot Reporting setting in the Feature Control configuration has been deprecated by Microsoft.
- Enterprise Data Protection settings in the Feature Control configuration have been removed due to Microsoft postponing the launch of the feature.
Windows 10 Desktop
- The Enable Internal Storage Encryption setting within the Feature Control configuration for Windows 10 Desktop has been removed due to irregular behavior.
Upgrading to Android Marshmallow or Later
- The MobiControl Agent no longer users the WiFi Network or the Bluetooth MAC address to generate unique Device IDs. If devices running Android 6.0 or later are re-enrolled after a factory reset, those devices will appear as brand new devices within MobiControl.
- The MobiControl Agent prompts end-users for required permissions at first launch, rather than at install time. End-users will be unable to proceed with enrollment until all permissions are granted. If permissions are revoked at a later date, end-users will be prompted to restore the required permissions.
The Android for Work Agent is exempt from this behavioral change and silently self-grants any required permissions. - The MobiControl Agent automatically opts out of Google Cloud Auto-Backup
Platform Specific Features
Sony Android
The following device configurations were added to Android+ profiles and are specific to Sony devices:
- Added support for silent package deployment
- Added support for the following settings under the Device Feature Control configuration:
- Disable NFC
- Disable Cellular Data
- Disable Removal of MobiControl Agent
- Added support for the following options under the Email configuration:
- Exchange ActiveSync
- NitroDesk TouchDown
- Added support for the Certificates configuration
- Added device root status detection
-
Release v12.4 -- Build 30627 -- September 25, 2015
Revisions:
- v12.4 Maintenance Releases
- Original Release v12.4.0.30627 on September 25, 2015
Release Highlights
- Enhanced Apple iOS 9 Support
- Additional iOS Configuration Options
- iOS Activation Lock Bypass
- Cisco Identity Services Engine (ISE) Integration
Enhanced Apple iOS 9 Support
Apple iOS 9 provides updates to several features that allow greater flexibility in the management of mobile devices. SOTI is pleased to announce support for Apple iOS 9 with new features in MobiControl that empower MDM administrators and users with increased control over their devices and deployments.
Features available exclusively on iOS 9 devices include:
- Network Restrictions
Administrators can restrict the network access of specific applications - Application Management State Configuration
Additional iOS Configuration Options
Managing iOS devices is easier than ever with new configuration options:
- New Device Restrictions
- Manual Synchronization of DEP Server
- Device Wallpaper Customization
- Expanded Action Menu Commands
- Clear User Restrictions
- Set Device Wallpaper
- Set Device Name
- Per Message Encryption
Exchange ActiveSync now supports per message encryption using S/MIME - Managed Domains
Administrators can mark email and web domains as managed or unmanaged to the device user - Single Sign On Certificate Renewal Distribution
Renew certificates without device user interaction
Activation Lock Bypass
Activation Lock is an Apple security feature that restricts access to lost devices. Without the correct Apple ID and password, such devices are severely limited in their capabilities. Activation Lock serves as an extra layer of security for your devices. The Activation Lock Bypass allows mobility administrators to bypass the Activation Lock without keeping track of the various Apple ID and password combinations when transferring devices from one user to another.
Migration Considerations
If devices are being transferred from another mobility management solution to MobiControl, they must be factory reset to use Activation Lock Bypass. Attempting to wipe devices that are not factory reset before such migration can cause undefined behavior and may disable the device completely.
Cisco ISE Integration
Cisco Identity Services Engine (ISE) is a network administration product by Cisco that enforces network security and access policies. MobiControl has added integration with Cisco Identity Services Engine (ISE) to simplify secure identity and access management across diverse devices and applications.
-
Release v12.3 -- Build 28275 -- July 28th, 2015
Revisions:
- v12.3 Maintenance Releases
- Original Release v12.3.0.28275 on July 28th, 2015
Release Highlights
- Enhanced Apple VPP Support
- Microsoft Windows 10 Support
- Improved Android for Work Support
- HTML 5 Remote Control
- Performance and Scalability Improvements
Enhanced Apple VPP Support
The Apple Volume Purchase Program (VPP) provides a solution for organizations that need to distribute iOS applications to corporate-owned and employee-owned iPhones and iPads with a simple, convenient way of managing the purchase and distribution of application licenses at scale.
Apple provides two ways of distributing application licenses: Redemption Codes and Managed Distribution. MobiControl has supported the use of Redemption Codes since MobiControl v9.02 and it is still supported in this version of MobiControl.
With the addition of support for Managed Distribution, MobiControl now provides the following benefits:
- A centralized console to view up-to-date information on app availability
- Full lifecycle management of applications - from device deployment to decommissioning
- The ability to revoke and reassign applications from one user to another, maintaining ownership of application licenses
- Distribution of Business to Business (B2B) applications
Known Issues
- If VPP tokens are generated at different times from the same VPP account and are then uploaded to MobiControl, multiple VPP profiles may be created. This will be reflected in the Web Console as two different VPP accounts.
- Uploading an incorrect token for an existing VPP account causes undefined results. When uploading a new token, please ensure that the correct token is selected for the appropriate account.
- On iOS 7 devices, when the Apple ID changes and the country of the Apple ID remains the same, MobiControl will not be able to detect the change and no action will be taken to appropriately assign the application license to the new Apple ID on the device.
- An incorrect bundle ID provided for a B2B app will fail to install the application on the device.
Microsoft Windows 10 Support
One of the key goals of Microsoft Windows 10 is to unify the user experience across various types of devices that run on the Windows OS. The same convergence concept extends to device management. SOTI is pleased to announce Windows 10 Desktop support, offering many similar device management features previously available only on Windows Phone 8.1.
To align with Microsoft's unifying approach, we have renamed the Windows Phone tab to Windows Modern in the Web Console. An Add Device rule will enroll both Windows 10 desktops and Windows 8.1 phones.
Existing Windows desktop management features that rely on the SOTI agent are also available for Windows 10 desktops. The Windows Desktop tab has been renamed to Windows Desktop Classic.
The device management features for Windows Modern are similar on Windows Phone 8.1 and Desktop 10.
The following new features have been made available for Windows 10 Desktop:
- Certificate Management
- Device Feature Control
- Windows Defender administrative options
- Windows Updates administrative options
- Email Configuration
- WiFi Configuration
- Enhanced device user experience on enrollment certificate renewal.
Enrolled Windows 10 devices no longer require manual renewal of enrollment certificates. The server will attempt to renew the certificate on behalf of the device prior to the expiry date. - Visual hint to system administrators regarding the type of Windows devices enrolled.
Desktop devices enrolled as Windows Modern devices will have a desktop icon as opposed to a phone icon. Other non-phone devices such as tablets will be identified as desktops. - Device-type-sensitive payload selection for profile creation.
A drop-down menu has been added to the profile creation dialogue. A user will indicate the type of devices the profile is targeting using this menu, and only the list of applicable payloads for that device type will be presented. - Device information - new attributes added:
- BIOS and CPU type for Desktop
- Phone Number, IMEI, IMSI and roaming status for second SIM in dual-SIM devices
Known Issues
- Admin un-enrollment limitation .A desktop cannot be unenrolled remotely by the admin more than once. Should the device be unenrolled in this manner a second time, the device will not be able to enroll again until it is re-imaged. A suggested workaround is to get the desktop unenrolled by the device user.
- ROBO (Renewal-On-Behalf-Of). Auto renewal of MDM client certificate will fail if the device is enrolled with the user explicitly providing the MDM server URL (the non-auto-discovery scenario). To avoid losing the device, we recommend using client certificates with a long expiry date. A resolution is expected to be provided by Microsoft in a follow-up service release in the coming months.
- MDM Server Auto-Discovery in Cloud-based Deployment. This option is currently not supported in MobiControl Cloud. Microsoft MDM client security does not allow HTTP Redirect for a discovery request that is not of the same domain/sub-domain.
- Desktop Feature Control. Enable Internal Storage Encryption works only if BitLocker is enabled on the device. BitLocker is not enabled by default on desktops.
- Desktop MDM client does not check-in when the desktop device is in sleep or locked mode.
- A desktop device can be enrolled under both Windows Modern and Windows Desktop Classic concurrently and will consume two device licenses in that case.
- Web Console may become unresponsive when certain Windows Phone payloads are combined in a single profile. A browser refresh or relaunch of the Web Console is required to continue operation. Suggested workaround is to configure the payloads in separate profiles.
Improved Android for Work Support
The following new features have been added for improved Android for Work support in MobiControl:
- MobiControl administrators creating an Android for Work configuration profile can now add a Pulse Secure VPN payload.
- When an Android for Work managed profile is activated on a device, and the device user has added a Google account within the managed profile, the MobiControl agent detects the ID of the Google account and displays it in the Information panel in the MobiControl Web Console.
- After an Android for Work managed profile is activated on a device, and a Google account is added, the device user will be unable to remove or modify the Google account.
- The instructions provided in the Add Android for Work Enterprise Binding dialog box have been improved.
- A MobiControl administrator can now add a private app to an application catalog for Android for Work devices so that the app will be deployed only to devices that are in the administrator's domain.
- A MobiControl administrator now has the ability to enforce a policy in which device users can use their Google accounts only on Android for Work devices.
- During enrollment and activation of an Android for Work profile, the device user's Google account ID is passed by MobiControl so that the user name does not have to be entered manually.
Browser-based Remote Control
To open a remote control session for a device in previous versions of MobiControl, users had to download and install a separate Windows program. This version introduces a second option for MobiControl installations on Windows 8, Windows 10, or Windows Server 2012 R2 platforms: an entirely browser-based, lightweight and cross-platform version of remote control that uses HTML 5 technology. Unlike the classic version of remote control, this version does not rely on any browser plugins or external programs.
While it is faster and simpler to use, the browser-based version of remote control does not yet support all the features available in the Windows desktop-based version. Currently it supports only the following subset of features:
- Remote control a device using your keyboard and mouse
- Browse and download files from the device
- Display device information such as device memory and battery status
- Save screenshots of the device
- Reduce device screen resolution to improve performance on low-quality network connections
- Allow user to confirm a request to remote control their device
Performance and Scalability Improvements
MobiControl v12.3 includes the following improvements related to performance and scalability:
- New File Sync, which enables the system to optimize the usage of available resources and exploit network latencies to optimize server performance.
- 64-bit support and .NET Framework 4.5. As of version 12.3, MobiControl can be installed only on 64-bit versions of Microsoft Windows. See the MobiControl Pre-Installation Checklist for more information.
Upgrade Considerations
The initial release of MobiControl v12.3.0.28275 does not include the improvements delivered within Maintenance Releases of MobiControl 12.2. The first Maintenance Release for 12.3 is scheduled for delivery on August 10th, 2015 and will include these cumulative improvements.
In this version of MobiControl support for 32-bit versions of Microsoft Windows operating systems has been discontinued. This version of MobiControl can be installed only on 64-bit versions of Microsoft Windows. See System Requirements in the MobiControl online help for a complete list of supported Microsoft Windows operating systems.
-
Release v12.2 -- Build 23409 -- May 27th, 2015
Revisions:
- v12.2 Maintenance Releases
- Original Release v12.2.0.23409 on May 27th, 2015)
Release Highlights
SOTI hub
SOTI hub is a new MobiControl feature that enables employees to use their Android devices to access corporate files from outside the organization's internal network. SOTI hub has two parts:
- A SOTI hub app that is installed on the mobile device to enable the device user to access corporate files.
- A SOTI hub profile payload that is pushed to the device and that a MobiControl administrator can configure to control the SOTI hub app settings.
Files that you want to make available to the SOTI hub must be hosted in a content repository (an NTFS file server) that is accessible via an IIS WebDAV server.
Some of the key benefits of SOTI hub are:
- SOTI hub ensures that access to the corporate files is available only to employees' Android devices that are secured and managed by MobiControl.
- Access to corporate files can be immediately revoked, and cached copies of files within the SOTI hub can be wiped, either on-demand or based on predefined criteria (such as violation of the IT compliance policy).
- SOTI hub can be configured to require employees to log in using their LDAP credentials before they can gain access to corporate files.
SOTI hub App
The SOTI hub app is what you use on a mobile device to access corporate files. The SOTI hub app must be packaged using MobiControl Package Studio and pushed to mobile devices.
The SOTI hub app enables you to perform the following tasks on your mobile device:
- Navigate up and down content repository folders and view folder contents.
- Download and cache files.
- Open, edit, and delete files.
- Open files in third-party apps.
- View file details.
- Add files to favorite groups.
- Search for files by file name.
- Sort and filter files.
- Control the ability to download files over a cellular network.
- Control the ability to download files while roaming.
- Delete cached files to free space on the device.
For information about how to use the SOTI hub app, refer to the MobiControl online help.
SOTI hub Payload
The SOTI hub payload provides the configuration settings that are used by the SOTI hub app on the mobile device. You add the SOTI hub payload to a profile, then push the profile to a mobile device on which the SOTI hub app has been, or will be, installed.
The SOTI hub payload tells the SOTI hub app everything it needs to know to access the content repository, including:
- The URL of the content repository server that the SOTI hub app will contact.
- The method of authentication the SOTI hub app will use when contacting the content repository server.
- The username and password used to authenticate the SOTI hub application to the content repository server.
- How often the SOTI hub app will communicate with the content repository to refresh the contents.
- The amount of time that will elapse, during which the user has not interacted with SOTI hub, before the user is logged out of SOTI hub.
- Whether devices are required to communicate with a MobiControl Enterprise Resource Gateway to access the content repository.
- Whether devices are able to download content over a cellular network.
- Whether devices are able to download content while roaming.
For information about the configuration settings available in the SOTI hub payload, refer to the MobiControl online help.
Enterprise Resource Gateway
The Enterprise Resource Gateway is a new MobiControl component that enables you to control Internet traffic using a proxy server. The proxy server acts as a single point of contact – a gateway – serving client requests. The proxy server authenticates each request and forwards it to the desired destination server.
Enterprise Resource Gateway Properties
After you have installed the Enterprise Resource Gateway on a server, you can set various properties for it, such as:
- The name and URL of the Enterprise Resource Gateway instance.
- The type of filtering you want the Enterprise Resource Gateway to do: Exchange Server for emails, or Content Repositories for files.
- Whether to enable Secure Email Access.
For information about the steps required to set up the Enterprise Resource Gateway, refer to the MobiControl online help.
Settings Manager
The Settings Manager is an application that enables a MobiControl administrator to provide controlled access to a subset of device settings when a device is in lockdown mode. The types of device settings that can be controlled via the Settings Manager are:
- Display
- Sound
- WiFi
- Bluetooth
In MobiControl v12.2, the Settings Manager is supported on Android and Android+ devices only. The device must be enrolled in MobiControl v12.2 using a v12.2 device agent and have a lockdown policy applied.
You upload the Settings Manager to a device as an installable package that has been created using MobiControl Package Studio. Once the Settings Manager has been installed on the device, you can push customized settings to the device.
For information about how to install, configure, and enable the Settings Manager, refer to the MobiControl online help.
Upgrade Observations
MobiControl v12.2 features updated generic Android and Android+ agents, so after upgrade to 12.2 these agents will require an upgrade, unless server-agent compatibility settings are updated.
Android for Work agent will not require an upgrade, but is presently not compatible with SOTI hub and the Settings Manager.
-
Release v12.1 -- Build 22392 -- February 27th, 2015
Revisions:
- v12.1 Maintenance Releases
- Original Release v12.1.0.22392 on February 27th, 2015
Release Highlights
- Android for Work
- Apple Device Enrollment Program Support
- New Samsung KNOX 2.0+ Features
Android for Work
Android for Work is a Google - led initiative to build a standardized framework for management of Android devices. It allows administrators to securely deploy email, applications and content within an encrypted secure workspace on any Android device regardless of the OEM.
MobiControl v12.1 supports creating and managing of an Android for Work Managed Profile and related policies on supported Android devices running Android 5.0 or higher.Application Management is available via Google Play on Android for Work enabled devices. Administrators must 'approve' applications within the Google Play for Work portal. Once an application is approved, it can be added to an App Catalog Rule within MobiControl.
Added Support for Google Play for Work Apps in App Catalog Rule
- Silent application installation for mandatory applications
- Display App Catalog Rule as App Collection within Google Play on end-user's devices
- App Configuration support
Note: APK deployment via Packages is not supported within Android for Work.
Added Support for Android for Work Agent to Android+ Add Device Rule Agent Selection
Android for Work can be activated on a device via the MobiControl for Android for Work agent. The Android for Work agent is hosted exclusively in the Google Play Store.
Android for Work Managed Profiles are activated automatically after enrollmentNote: The MobiControl agent migrates into the Managed Profile after it is created. Device-level policies are limited within a Managed Profile.
Android for Work Policies
Android for Work policies can be deployed via Android+ Profiles dialog by selecting «Android for Work».
Available policies include and are not limited to:- Authentication Policy
- Anti-Virus Policy
- Certificate Management & Distribution
- Chrome Management
- Browser Restrictions such as Disable Password Saving, Default Search Provider, Disable JavaScript, Disable Cookies etc
- Bookmarks are saved directly to the Managed Chrome Browser under "Managed Bookmarks"
- Web Filter allows saving URL Whitelist/Blacklist payloads (includes support for wildcards)
- Web Proxy allows all traffic within Chrome to be routed via Proxy (includes support for PAC File configurations)
- Device Actions
- Lock Device
- Disable Android for Work Profile
- Wipe Android for Work Profile
- Device Controls
- Disable Screenshot
- Disable Copy/Paste
- Disable Uninstallation of Managed Apps
- Disable End-User Un-Enroll
- Email (PIM Configuration)
- Out of Contact Policy
- WiFi (Including Enterprise WiFi)
Click here to learn more about Android for Work.
Apple's Device Enrollment Program (DEP)
MobiControl's support for Apple's Device Enrollment Program provides a seamless out of the box enrollment experience for institutionally owned iOS devices.
- Automatically enroll device to MobiControl during initial device setup and subsequent factory resets
- Optionally prevent removal of the MDM management profile
- Optionally supervise device during enrollment
- Control whether device can pair with computers
- Customize various screens shown during setup assistant, for example passcode, registration, location based services, etc.
Click here to learn more about Apple's Device Enrollment Program (DEP).
Samsung KNOX 2.0+ Features
The following Samsung KNOX 2.0 and KNOX 2.2 features have been added:
- Support for On-Premise KLMS Key Activation (Requires KNOX 2.0+)
- Support for On-Premise Custom ELM Key Activation (Requires KNOX 2.0+)
- Split Billing (Requires KNOX 2.2+)
Click here to learn more about Samsung KNOX.
Upgrade Observations
Please note that Android+ profile wizard dialog now includes a drop-down menu to select Android+, Samsung KNOX or Android for Work payloads.
-
Release v12 -- Build 18541 -- December 19th, 2014
Revisions:
- v12.0.0 Maintenance Releases
- Original Release v12.0.0.18541 on December 19th, 2014
Release Highlights / Notes
- Enhanced Device Configuration via “Profiles”
- Enhanced Device Enrollment
- MobiControl Stage
- Windows Phone 8.1
- Zebra Printer Integration
New Features
Enhanced Device Configuration via “Profiles”
“Profiles” re-designs the creation and distribution of device configurations in MobiControl. A Profile is a named collection of device configurations that represent a user persona or common configurations. Profiles provides the following enhancements to device configuration:
- Improves visibility of device compliance by providing a versioned installation status of a Profile across all targeted devices.
- Assign a profile to devices matching properties such as manufacturer, model, OS version, installed applications, etc.
- Assign a Profile to devices where the associated user is a member of one or more LDAP groups. Exclusion of members based on LDAP groups is also available.
- Schedule deployment and subsequent revocation of a Profile.
- Extended security model provides greater flexibility for administrative roles to manage specific profiles.
- Optionally delegate the installation of a Profile to the device user through the “Profile Catalog”.
Enhanced Device Enrollment
Modifications to device enrollment reduce administrative burden and lessen the complexity of end user device enrollment by introducing the following enhancements:
- Reduces the need for multiple Add Devices Rules by mapping LDAP groups to Device Groups in a single rule.
- Provides a single enrollment URL for end users to initiate enrollment with on-screen step-by-step enrollment instructions for iOS, Android, and Windows Phone.
- Restricts enrollment to approved OS versions.
MobiControl Stage
MobiControl Stage is a rapid provisioning solution that allows for immediate “out-of-the-box” device set up. MobiControl Stage supports rapid staging for Android and Windows Mobile/CE.
- Expedites the enrollment and initial provisioning by scanning barcodes to configure network connectivity and download the MobiControl device agent.
- Reduces bandwidth overhead by provisioning devices directly from a local HTTP or FTP server.
Windows Phone 8.1
Introduces support for managing Windows Phone 8.1 devices including but not limited to:
- Managing additional device configurations such as VPN, WiFi
- Distribution of Certificates via SCEP
- Additional actions commands such as Remote Ring, and Remote Lock
- Inventory of additional device properties such as Phone Number, IEMI/IMSI numbers, encryption status, roaming status
- Support for requesting a device to checkin via Windows Notification Services
- Installation of Enterprise Applications
- Password Caching
- Additional Feature Controls such as:
- Disable Idle Return Without Password
- Disable Action Center Notifications
- Disable Voice Recording
- Disable "Save as" option for Office files
- Disable Cortana
- Disable Syncing of Settings
Zebra Printer Integration
MobiControl 12 introduces support for managing Zebra WiFi and Ethernet-connected printers including:
- Distribution of configurations such as network, printer labels, fonts, etc.
- Maintenance tasks such as firmware upgrades, executing test prints, and gathering logs etc.
- Configuration of alerts based on various printer attributes.
Migration of Device Configurations to Profiles
During upgrade Device Configurations are applied via Right-Click (on Device Group) > Configure on Device Groups will be migrated to individual “Profiles”. Prior to upgrading review the “Device Configuration to Profiles Migration Guide”.
MobiControl Manager aka “Thick Console” has been discontinued
MobiControl Manager has been discontinued and is no longer supported or compatible with MobiControl 12.
Console Security
- “Anonymous” authentication to the Web Console has been removed.
Users will be prompted to provide a password for a default account with the username “Administrator” if console security was not enabled prior to upgrade. - Console Security settings have been relocated to All Devices > Servers > Global Settings.
Duplicate Device Groups Renamed
- Device Groups with non-unique names found in the same path will be renamed by appending a numerical value to the end of the Device Group in the order the groups were created.
- The system will not prevent you from creating Device Groups with the same name in the same path.
Windows Phone 8.0 Support
- Windows Phone 8.0 devices that are not upgraded to Windows Phone 8.1 prior to upgrading MobiControl cannot receive new device configurations and will need to re-enroll.
Relocation of iOS Settings
- Roaming Restrictions have been moved to Right-Click (on Device Group) > Advanced Settings.
- Application Run Control have been moved to Right-Click (on Device Group) > Advanced Settings.
Discontinued device-specific support
Support has been discontinued for Pocket PC and Smartphone 2002 devices with MIPS, SH3, SH4 and eVC3 processors.
Installation Improvements
- MobiControl installer will now only disconnect database connections when there is a database schema update required. If necessary, users can force an update of the scheme in the Advanced section of the installer.
Forced SSL Agent Communication
- Removed the ability to disable SSL for Agent communication.
TCP/IP (Direct) Deprecation
- Removed support for establishing a direct remote control session between the Remote Control console and a device (TCP/IP Direct)
General Features & Improvements
- Improved system event logs by logging the username “System” rather than the local computer user the service is running under.
- Introduced new Global Permission to allow users to “Show absolute device group paths”. Users with this permission will see (but not access) the full device group hierarchy that leads to the device groups they have “View” permissions for.
- Introduced option in the Add Devices Rule > Advanced card to “Preserve Device Location on Re-enrollment”. Devices that are present in the Web Console, but are re-enrolling will remain in the Device Group they last resided. In other words, the Device Group Targets defined in the Add Devices Rule are ignored.
- Enhanced Relocation Rules to allow mapping multiple IP ranges to a single mapping entry.
- Introduced device action in the Self Service portal and the Web Console under Right-Click (on device) to explicitly Un-Enroll a device.
- Introduced customizable LDAP refresh interval in the All Devices > Servers > Global Settings section. LDAP directory information including group memberships will be updated for each device when it checks in and the data is stale.
- Added option in All Devices > Servers > Global Settings> LDAP Connections to “Follow LDAP Referrals”. When selected MobiControl will follow LDAP referral provided by the initial LDAP server, or by attempting to discover referrals.
- Added option in All Devices > Servers > Global Settings> Self Serve to optionally delete devices from the Web Console when un-enrolled by the end user.
- Extended support to iOS and Windows Phone for deleting devices that have been out of contact after a specified period of time.
- Added “Global Proxy” option to All Devices > Servers > Global Settings that configures the management service to communicate through an HTTP(s) proxy.
- Added support for adding applications from Amazon’s App Store to Android+ App Catalog Rules.
- Added support for logging the reason why a Web Console administrator’s account was un-locked.
- Enhanced Virtual Groups to support filtering devices by Installed Application and LDAP Group memberships.
- Added ability to collect and submit Diagnostics Report from within MobiControl Web Console.
- Improved Activity Logs for users to reflect such activities as logins and logouts, creation, modification and removal of policies, users, rules, devices and device groups, and changes in global settings and license information.
- Added "Prevent un-enrollment" option to “Agent Settings” dialog.
Platform Specific Features
iOS
- The server will now request un-enrollment when the user initiates un-enrollment via the MobiControl app for iOS.
- Introduces support for selection of the certificate template to define the certificate issued to the MobiControl app for iOS.
- App Catalog Web Clip is now optional and is deployed as Profile named “App Catalog”.
- Enhanced Custom Profiles to support the resolution of macros.
- Removes erroneous “Define” setting from the Restrictions payload.
- Adds option under Right-Click (on Device Group) > Advanced Settings > Agent Settings to “Prevent Un-Enrollment from Device Agent”.
Android
- Introduces support for selection of the certificate template used to issue the certificate to the Device Agent.
- Adds option under Right-Click (on Device Group) > Advanced Settings > Agent Settings to “Prevent Un-Enrollment from Device Agent”.
- Adds option in WiFi device configuration to verify the certificate of the enterprise wireless network.
- Enhances Agent-based enrollment by optionally enrolling using the MobiControl Device Management Address (DMA).
- Adds Android+ support for the following Android manufacturers:
- BQ
- Kyocera
- Sony
Samsung
The following device configuration features were added to Android+ profiles and are specific to Samsung devices only:
- Added support for the following configurations under the Device Feature Control payload:
- Prevent enrollment when not running as the main user
- Restrict firmware recovery
- Disable hardware keys on Samsung via SCRIPT
- Introduces support for managing Bookmarks in the native web browser
- Extends the Certificate device configuration payload to allow “Interactive Certificate Installation”
Zebra (Motorola)
The following device configuration features were added to Android+ profiles and are specific to Motorola devices only:
- Added support for the following configurations under the Device Feature Control payload:
- Certificate Installation
- Disable Hardware Keys
- Disable USB Mass Storage
- Disable USB Debugging
LG Android
The following device configuration features were added to Android+ profiles and are specific to LG devices only:
- Added support for the following configurations under the Device Feature Control payload:
- Disable access to device settings
- Encrypt External Storage
- Disable Home Key
- Disable Media Player
- Disable Bluetooth Data Transfer
- Disable Cellular Data
- Ability to define agent certificate on enrollment
- Removes the Connection Security configuration which allowed to disable SSL
-
Release v11 -- Build 14250 -- May 7th, 2014
Revisions:
- V11.0.3 Maintenance Releases
- V11.0.2 Maintenance Releases
- V11.0.1.14250 Maintenance Releases
- V11.0.1.14221 Maintenance Releases
- Release v11.0.0 build 12975 on January 10th, 2014
Online Help
Online Help resource about MobiControl's main components.
Release Highlights / Notes
- Support for iOS 7 MDM features including App management, data leakage prevention from Managed Apps, and the management of device features such as Touch ID.
- Support for Samsung KNOX including containerization of enterprise data, and increased device security and integrity monitoring.
- New App Configuration methods including native iOS 7 App Config, URI based configuration for both Android and iOS App Catalogs, and the ability to script Android intents.
- Support for managing Windows Phone 8 devices.
- Support for managing Amazon Kindle HDX devices.
- Improved Self Service Portal design including custom branding options.
- Support for scheduling administrative reports.
- Multi-file upload functionality in the Content Library.
New Features
Windows Phone 8 Features
Introduces support for the enrollment and management of Windows Phone 8 (WP8). Enrollment of devices can be initiated directly from the “Company Apps” section of a WP8 device and does not require an agent.
- During enrollment, automatic discovery of the target device group will occur based on the LDAP group matched against available add device rules.
- The WP8 > Information Panel will display inventory of device attributes such as Model, OS Version etc.
- Support for distribution of an in-house “Company Hub” application during enrollment is provided under All Devices > Servers > Global Settings. Development of a Company Hub requires registration with Microsoft and a Symantec Code Signing Certificate. Refer to http://dev.windowsphone.com, or contact SOTI Support for more details.
- The following policies can be configured under the Device Configuration section:
- Device Authentication Policy including complexity, history, and enforcement.
- Device Feature Restrictions for disabling access to the SD card and enforcing device encryption.
- Distribution of public-keyed certificates.
- Distribution of email configurations for POP, IMAP, and Exchange.
- Support for a Full Device Wipe or Device Lock is provided as a Right-Click (on device) > Action option.
Apple iOS
- Two new App Configuration methods are available for iOS under the Application Configuration button within an App Catalog rule.
The “Configuration Command” leverages the native and automatic configuration for iOS 7 apps, whereas the “Configuration URI” option supports a broader range of operating systems and is initiated by the end user from the App Catalog webclip. - Added the following MDM payloads to the Device Configuration section.
- Single Sign On
- Web Content Filter with Adult Content filter and Whitelisting/Blacklisting that applies to Safari and 3rd party browsers obtained from the App Store.
- VPN (Per App)
- AirPlay for the configuration of mirroring destinations and passwords
- AirPrint for the configuration of print resources
- Fonts for installing custom fonts
- Updated WiFi configuration to support Hotspot 2.0 configuration parameters
- Adds Global HTTP Proxy support (iOS 6)
- Single App Mode (iOS 6) including iOS 7 enhancements
- “Feature Control” policies under Device Configuration has been reorganized and renamed to “Restrictions”.
- Add Device Rules now include the ability to customize the device’s client certificate obtained during enrollment, allowing the selection of an external Certificate Authority.
- The Right Click (on device) > Action > Device Lock action has been extended to optionally allow for the customization of the lock screen to include a phone number and a custom message useful when attempting to retrieve lost or stolen devices.
NOTE: With the appropriate cellular access the phone number can be dialed from the lock screen. - Support Contact info under iOS > Right Click (on Device Group) > Advanced has been extended to customize MDM dialogs. For example, App Installation prompts will now show the “Company Name” instead of the server URL.
- Added the following configuration options to the Restrictions payload under the Device Configuration section:
- Disable Account Modifications
- Disable AirDrop
- Disable App Cellular Data Usage Modification
- Disable Siri User Generated Content
- Disable Find My Friends Modification
- Disable Touch ID (fingerprint scanner) to unlock device
- Disable Host Pairing
- Disable Control Center on Lock Screen
- Disable Notification View on Lock Screen
- Disable Today View on Lock Screen
- Disable Open From Managed to Unmanaged
- Disable Open From Unmanaged to Managed
- Disable OTA PKI Updates
- Permitted Apps for Autonomous Single App Mode
- Force Limited Ad Tracking
- Disable Bookstore (iOS 6)
- Disable Erotic Books (iOS 6)
- Disable Game Center (iOS 6)
- Disable Interactive Profile Installation (iOS 6)
- Disable App Removal (iOS 6)
- Allow Shared Photostream (iOS 6)
- Disable Siri Profanity Filter (iOS 6)
- Disable Siri While Device is Locked (iOS 6)
- Show Passbook notifications when locked (iOS 6)
- Added the following device attributes in the iOS > Information Panel, and as triggers for Alert Rules:
- Whether Find My iPhone is enabled
- Whether a device is Supervised
- Whether iTunes account is logged in
- Whether Do Not Disturb is enabled
- Whether Personal Hotspot is enabled
Samsung KNOX
Samsung KNOX provides an OS level container for separating work data including email, contacts, and even applications. Additionally KNOX provides enhanced device security, 3rd party attestation of security status, and real time monitoring of device integrity.
KNOX is enabled under the Android Device Configuration section, and includes the following features when a value-added per user KNOX license is present:
- Container-level features:
- Enforcing Passcode policy including complexity and container timeouts.
- Configure containerized POP, IMAP, and/or Exchange email with forwarding restrictions.
- Configure Apps for Single Sign On.
- Configure Browser Policy.
- Perform Silent installation, inventory, and blacklist of KNOX Apps.
- Configure VPN for KNOX container or on Per App basis (requires installation of service APK).
- Remotely Lock/Unlock container.
- Restriction to Disable Camera while in container.
- Restriction to Disable Share via List while in container.
- Restriction to Use Secure Keypad while in container.
- Restriction to Disable addition of new email accounts.
- KNOX Device-level features:
- Enforce CAC Authentication for the lock screen, browser, and VPN
- Use of “Attestation” to verify the authenticity of a hardware key that was fused in the device during manufacturing in order to prove the device is not, and has not ever been “rooted”. Devices whose key is invalidated because of “rooting” will be flagged in the Android+ > Information Panel, and through Alert Rules.
- Integrity Service (requires installation service APK) performs an initial baseline scan of the device and applications, and continuously monitors for changes that would indicate the device was compromised.
- Configure Alert Rules to be notified of any integrity violation.
Android Features
- Introduces ability to send intents via Right Click (on device) > Send > Script to trigger App behavior and/or configure the App.
- App Catalog now features the ability under the Application Configuration section to provide a configuration URI that allows an end user to initiate the configuration of an installed App.
- The MobiControl agent now includes Filter/Sort capabilities in the Content Library and App Catalog.
- Adds support for a custom value for the Maximum Screen Timeout values in the Authentication Policy.
- Adds Call Log as a Data Collection Rule option.
- Added a report for data usage on a per-application basis.
- Adds additional device script commands including:
- Power off device
- Wake device on schedule
- Enable/disable WiFi radio
- Enable/disable Cellular radio
- Lockdown can now launch .cmd file from lockdown for the purpose of executing pre-defined scripts.
- Adds support for Android KitKat OS (4.4.2) in 11.0.1.14221.
Samsung Android
The following features were added to the Device Configuration section of the Android+ tab and are specific to Samsung devices only:
- WiFi Hotspot for configuring a device’s hotspot remotely
- Device Restrictions
- Block OS Upgrade
- Disable Voice Dialer/S-Voice
- Disable Multi-Window
- Disable USB On-the-Go
- Disable addition of new email accounts
- Disable Incoming SMS Messaging
- Disable Outgoing SMS Messaging
- Disable Incoming MMS Messaging
- Disable Outgoing MMS Messaging
- Prevent Uninstallation of Managed Apps
- Disable Portal WiFi Hotspot Changes
LG Android
Support for the following device restrictions has been added for LG Android devices:
- Disable Voice Dialer
- Disable GPS Mock Locations
- Disable Microphone
- Disable NFC
- Disable USB Debugging
- Enforce GPS
- Disable Bluetooth Tethering
- Disable WiFi-Tethering/Portal WiFi Hotspot
- Enforce Minimum WiFi Security Level
- Prevent Uninstallation of Managed Apps
- Disable Outgoing SMS Messaging
Motorola Android
Support for the following features has been added for Motorola Android devices:
- Adds support for SD Card encryption
- Adds support for distribution of private keyed certificates
- Adds support for configuring system settings via MX XML
Extended Features
- Add Device Rules now include an option to Cache Password to improve user experience during enrollment.
When configured the password used for authentication will be used for initial device configurations such as Email, WiFi, and VPN, and then is discarded. - Added support in the Add Device Rules for restricting enrollment to one or more approved LDAP groups.
- Added support for customizing the naming convention of devices used during enrollment through an Add Device Rule.
- Added manual configuration support for authenticating to the Web Console using Windows NTLM or Kerberos authentication.
- Added manual configuration support for authenticating iOS device communication through a reverse proxy which forwards NTLM or Kerberos credentials.
- Added support for retrieving Custom Data from XML files in Data Collection Rules.
- Introduced Cloud Link as replacement to “Connection Proxy” to extend corporate resources such as LDAP and Certificate services to MobiControl Cloud. Cloud Link can be configured under All Devices > Servers.
- MC Admin now provides support for customizing the SSL certificates used by the Deployment Server allowing for the use of trusted and/or enterprise certificate authorities.
- Enhanced security during initial untrusted SSL communication between device agent and the MobiControl server.
NOTE: Users are allowed to make trust decisions on initial enrollment if using an untrusted SSL certificate, and where the SOTI Enrollment service is not utilized. - Enhanced audit trail of user performed and server-initiated actions in the Events Panel of the Web Console.
- Certificate Services now includes support for requesting certificates from a SCEP server on behalf of a device.
- Certificate Services now provides the option of specifying Subject Alternative Names in certificate requests.
- Certificate Services for ADCS over HTTPS now supports Kerberos authentication.
- Certificate Services added support for publishing issued certificates to LDAP server of authenticated user.
- Provided more granular log and alert truncation options, configured under All Devices > Servers > Global Settings.
- File Sync Rules now support providing network credentials in UNC paths.
- Added LAN Connection as a network requirement for Package Deployment Rules.
- During package installation, the destination directory will now be created during deployment if it doesn’t exist.
- Relocation Rules now support Device Group targets, and no longer apply globally.
- Alert Rules have been expanded to support the variety of following triggers including but not limited to:
- SIM Card Change
- SIM Card Inserted
- SIM Card Removed
- ELM Activation Errors
Extended Features - Web Console
- During device deletion the administrator can now choose to revoke issued device certificates.
This functionality requires integration with an enterprise CA using DCOM. - Improved the license information screen to show breakdown of license use by OS.
- Logged on administrators and their IPs are now shown under All Devices > Servers.
- Event Log Panel now includes a filter to view User or Device - generated events individually.
- Console Security now includes a feature for controlling the administrative view of installed applications.
- Console Security now allows for multiple LDAP servers to be used for authentication to the Web Console.
- Deployment Server (DS) and Deployment Server Extensions (DSE) logs are now available for viewing from the ? menu.
- Customizations to the device grid columns are now persistent across browsers based on authenticated user.
- Web Console will now warn of APNS expiry 30 days in advance upon logging into Web Console.
- Sending an SMS message will save the telephone number entered for subsequent use.
- Public Web API has been extended to support sending scripts, including a message.
Windows Mobile/CE Features
- Added support for Cold (CE) Clean (Mobile) boot on Motorola devices.
- Added support for persistent storage of packages on Motorola devices.
Upgrade Observations
ELM Agent for Samsung Android
After upgrade, Samsung Android devices with MDMv4 capabilities will receive a new type of Device Agent during enrollment, referred to as the “ELM Agent”. Without compromising management functionality, Samsung’s Enterprise License Manager (ELM) allows SOTI to deliver timelier updates of the device agent in order to serve our customers better. The following observations however should be considered before upgrading MobiControl:
- The ELM Agent requires Internet connectivity during enrollment, and periodically thereafter, to validate MDM licensing against Samsung servers.
- End Users will be required to accept a privacy dialog during enrollment to acknowledge that non-identifying device information will be used to perform MDM license validation.
- Migration to the ELM agent for devices with MDMv4 capabilities is advised for all devices currently enrolled in the system. A Right-Click (on device) > Agent Update > Migrate to ELM Agent option has been added to the Web Console to initiate the migration process. Migration may temporarily roll back policies and will require end user action as described above.
- The Web Console will show the agent type installed on each device under the Android+ > Information Panel. “ELM” represents the new agent while “Signed” is used to represent the older agent.
- The “Signed” agent is still available for download and manual installation under Android+ > Rules > Add Devices > Right Click (on rule) > Download Device Agent but is deprecated for Samsung devices with MDMv4 and higher, and may not be included in future releases.
Virtual Group Behavior Modification
Virtual Groups created in v11 will only include devices that reside in the parent Device Group(s) for which the Virtual Group also resides. That is to say, if you nest a Virtual Group in a Device Group, the scope of the Virtual Group is limited to the parent Device Group(s). Existing Virtual Groups will maintain the old functionality until deleted.
- V11.0.3 Maintenance Releases
-
Release v10.0 -- Service Pack 1 -- August 27th, 2013
Release Highlights
- iOS7 Compatibility
- Enhanced Support for Motorola Android Devices
- Assorted Bug Fixes
iOS7 Compatibility
In line with Apple’s iOS 7 update, MobiControl v10 R4 has been updated to streamline the enrollment process while implementing new app configuration methods. This new enrollment process requires that both components; MobiControl Server, and the MobiControl App be updated to the latest versions.
The new iOS enrollment process places more emphasis on using the enrollment URL rather than an enrollment ID. By using an enrollment URL, users can take advantage of automatic App configuration, rather than typing an enrollment ID:
Old Process (Agent)
- Open App Store
- Install MobiControl App
- Enter Enrollment ID from Add Rule
- Management Profiles Installed
- Device Successfully enrolled
New Process
- Go to Enrollment URL (Add Device Rule)
- Install Management Profiles
- User is Prompted, Installs MobiControl App
- Device Successfully Enrolled
- MobiControl App is automatically configured after install
Symptoms and solutions for challenges relating to these changes:
- MobiControl App continuously asks for device enrollment
- MobiControl Server and/or App being out of date
- MobiControl App indicates successful enrollment, but indicates the server is outdated
- MobiControl v10 R4 SP1 must be applied to the server
- MobiControl App requests users to reinstall the app
- User will be required to delete the pre-existing MobiControl app and install the updated MobiControl App when prompted. This newly installed app will be managed by MobiControl’s profiles and configured on install
-
Release v10.00 -- Build 9329 -- January 7th, 2013
Upgrade Observations
- After upgrade all LDAP connections will require re-configuration of Base DN and Authentication Type
- If using LDAP Authentication for Console Security, ensure that the local administrator account is known prior to upgrading
- After upgrade Console Security must be managed through Web Console (option has been removed from MobiControl Manager)
Release Highlights
- Introduces completely redesigned Apple® iOS and Google Android™ device agents featuring:
- Content Library
- Application Catalog
- Support Contact Details
- Terms & Conditions
- Message Center
- Location Discovery (iOS)
- Device Configuration Summary
- Introduces Secure Content Library with support for:
- Pushed or On Demand distribution of content to device agents
- Effective and Expiration dates for distributed content
- File Sharing Restrictions (iOS)
- Content Categorization
- Versioning
- Introduces Telephone Expense Management with support for:
- Monitoring, reporting, and alerting on Data usage (All Mobile Platforms) and Voice usage (Windows Mobile, Android)
- Adds support for Phone Call Policy and Call Logs (Android)
- Introduces Certificate Management with support for:
- Device certificate inventory
- Integration with Microsoft PKI (ADCS), and Entrust Certificate Authorities for the request and subsequent distribution of certificates (All Mobile Platforms)
- Support for dynamic and static-challenge SCEP payloads (iOS)
- Automatic certificate renewal
- Certificate revocation (when using ADCS via DCOM)
- Association of Certificate to WiFi, VPN, Email Device Configurations for Authentication or Encryption
- Introduces customizable and versioned Terms & Conditions for end user acceptance during enrollment
- Introduces Speed-sensitive Lockdown to customize Lockdown screen when device is travelling faster than defined speed (Android, Windows Mobile)
- Enhanced Remote Control featuring BlitFire 10x for up to 10x faster Remote Control
- Remote Control Console now opens as an applet, and is no longer IE-dependent
- Remote Control Console will attempt to detect the device model and choose the appropriate device Skin (available in most cases)
- Introduces Anti-Virus/Malware protection via WebRoot (Android)
- Introduces Categorized Web Filtering via WebRoot (Android)
- Adds support for Microsoft®Windows 8 Desktop
General Features
- Enhancements to LDAP integration to support manual specification of Search Patterns and LDAP attributes. Includes support for Open Directory, Domino and other LDAP servers.
- Optimized performance of File Transfer protocol
- Adds support for sending a message to the Device as an Alert Rule action
- Adds support for Management Service to communicate outbound through a proxy via configuration file entry
- Adds support for Geofence under Alert Rules (Android, iOS)
- Enrollment can now be achieved without Enrollment service by entering Server Address, Rule Tag and Site Name (Android, iOS)
- Redesigned Installer featuring detection of current installed state to streamline installation / upgrade process
Web Console Features
- Introduces Custom Attributes to support adding additional fields to Web Console
- Redesigned Device Configuration panel (formerly Security Center)
- Adds support for applying Notes to Device Groups and Virtual Groups
- Introduces support for using Macros in Device Configuration dialogs that require values for Username and Email
- Minor changes to Rule cards to streamline configurations
- Web Console will now display a device’s associated user in the Info Panel
- Introduces dialog for manually changing a device’s user association
- Added support for creating and editing "Filter" views
- App Catalog configuration now supports discovery of Apps through Google Play (Android)
- Introduced "Configuration Policies" info panel to indicate the Device Configurations assigned to device.
- Agent Connected/Disconnected state is now shown indicating how long the Agent has been in this status
- Global Settings now displays the Database Connection String
- Adds support for opening all Info Panels in Maximize View
- Introduces method to dismiss yellow console alerts
- Web Console URL address can now be customized during installation
- Added additional Console Security permissions related to new features
- Introduces progress bar during Agent Creation when using Agent Builder Service
- Device Info Panel now indicates the active connection type (WiFi/3G etc.)
- Passcode status is now displayed in the Info Panel (Android)
- Internal/External Encryption status is now displayed in the Info Panel (Android)
- WiFi signal is now displayed in percentage (%) as well as dB. (Windows Mobile, Android)
- Hardware Serial Number and OEM Version are now displayed in the Device Info Panel for Android+ devices
- Add Device Rule filters now support filter by IP Address (iOS, Android), removes filter option for “Agent Name” (Windows Mobile)
- Renamed Right-Click option “Refresh Device Status” to “Request Device Check-In” to adequately represent the action’s behavior
- Reorganized Right-Click menu options on Device Group level
- Adds additional Device Statuses to Alert Rule triggers such as IP Address, Cellular Carrier, OS etc. (Android, iOS)
- Introduces a Device Tree legend to describe selection colors
- Introduces support for searching for Device Groups
Apple® iOS Features
- Added the following iOS Device Configurations:
- LDAP
- CalDAV
- Subscribed Calendars
- Additional VPN configurations (F5, SonicWall, Aruba VIA, Custom SSL)
- Introduces support for installing manually-crafted "Custom Profiles"
- Introduces support for automated enrollment via Apple Configurator via .mobileconfig files
- Location Services now includes an option to configure GPS Accuracy vs Battery Performance (GPS Mode vs Significant Change)
- Introduces new APNs Certificate Signing utility for issuing and renewing APNs Certificates
- iOS Agent will now re-launch after enrollment process is complete when enrollment is initiated through Agent
Google Android™ Features
- Adds support for Time Sync policy
- Adds support for Custom Data
- Adds support for Out of Contact Policy
- Adds support for Device Relocation rule
- Introduced the following functionality via script commands
- Restart device agent (restartagent)
- Switch agent between foreground/background mode (foregroundmode enable|disable)
- Create directory (mkdir, md)
- Launch an application (start)
- App Whitelisting (see online help)
- Introduces support for executing an Intent from a Lockdown screen
- Adds support for manual distribution of certificates (Samsung, LG, and Motorola for certificates containing only a public-key)
- Introduces persistent storage support for Motorola Android-based devices
- Introduces Pending Actions panel for awaiting user actions such as starting Encryption Process or Passcode Policy. Pending Actions panel will “Nag” user to perform these functions.
- Adds support for GCM as C2DM has been deprecated by Google
- Introduces utility to configure WiFi while in Lockdown
- Introduces utility to configure Passcode while in Lockdown
- During Enrollment Device Administrator is now silently "Activated" when device agent is obtained from Deployment Server. Adds flag in mcsetup.ini file to alter this behavior.
- Android+
- Added support for the following Feature Restrictions for devices supported under Android+ other than LG and Samsung:
- Bluetooth
- Disable outgoing calls via Bluetooth (ICS+)
- Disable Bluetooth Discoverable mode (GB+)
- Disable Bluetooth Tethering (ICS+)
- Disable Bluetooth Desktop Pairing (GB+)
- Disable Bluetooth Tethering (ICS+)
- Disable Bluetooth Pairing (GB+)
- Allow Limited Bluetooth Discoverable mode (ICS+)
- WiFi
- Disable WiFi-Profiles (GB+)
- Disable WiFi Profiles Changes (GB+)
- Enforce Minimum WiFi Security Level (GB+)
- Disable WiFi tethering (GB+)
- Disable Cellular Data (GB+)
- Disable Clipboard (HC+)
- Disable USB tethering (ICS+)
- Disable Google Sync/Backup (GB+)
- Disable Access to Device Settings (GB+)
- Enforce GPS Availability (GB+)
- Disable GPS Mock Locations (GB+)
- Disable YouTube (GB+)
- Disable Browser (GB+)
- Disable Installation from Unknown Sources (GB+)
- Disable Background Data (GB+)
- Disable NFC (ICS+)
- Disable USB Debugging (GB+)
- Disable USB Mass Storage (GB+)
- Disable SD Card Access (GB+)
- Disable All Tethering (ICS+)
- LG
- Added support for the following Feature Restrictions for LG devices:
- Bluetooth
- Disable outgoing calls via Bluetooth
- Disable Bluetooth Discoverable mode
- Allow Limited Bluetooth Discoverable mode
- Disable Bluetooth Pairing
- Disable Bluetooth Tethering
- WiFi
- Disable WiFi-Profiles
- Disable WiFi Profiles Changes
- Enforce Minimum WiFi Security Level
- Disable WiFi tethering
- Disable USB tethering
- Disable Google Backup
- Disable SD Card Access
- Disable USB Mass Storage
- Disable Clipboard
- Disable USB Media Player
- Disable NFC
- Disable USB Debugging
- Enforce GPS Availability
- Disable GPS Mock Locations
- Disable Background Data
Microsoft® Windows Mobile/CE Features
- Adds support for manual distribution of a known certificate
- Adds support for configuring Fusion-based WiFi configurations from Web Console
- Introduces Support Contact Info inside device agent
- Introduces a utility that allows a device to fetch a package from an FTP server rather than the Deployment Service
- Adds support for showing Bluetooth in a Custom Navigation Bar while in Lockdown
- Electronic Serial Number (ESN) of Motorola Windows-based devices is now collected and displayed in the Info Panel of the Web Console
iOS7 Compatibility (Implemented in v10.00.9619 released on August 27th, 2013)
In line with Apple’s iOS 7 update, MobiControl v10 has been updated to streamline the enrollment process while implementing new app configuration methods. This new enrollment process requires that both components: MobiControl Server, and the MobiControl App be updated to the latest versions.
The new iOS enrollment process places more emphasis on using the enrollment URL rather than an enrollment ID. By using an enrollment URL, users can take advantage of automatic App configuration, rather than typing an enrollment ID:
Old Process (Agent)
- Open App Store
- Install MobiControl App
- Enter Enrollment ID from Add Rule
- Management Profiles Installed
- Device Successfully enrolled
New Process
- Go to Enrollment URL (Add Device Rule)
- Install Management Profiles
- User is Prompted, Installs MobiControl App
- Device Successfully Enrolled
- MobiControl App is automatically configured after install
Revisions:
- Release 10 build 9912 on March 6th, 2014
- Release 10 build 9619 on August 27th, 2013
- Release 10 build 9484 on April 15th, 2013
- Release 10 build 9354 on March 20th, 2013
- Release 10 build 9329 on January 7th, 2013
- After upgrade all LDAP connections will require re-configuration of Base DN and Authentication Type
-
Release v9.03 -- Build 7800 -- May 1st, 2012
Highlights
- Enhanced Reports to support additional formats during export
- Removed dependency on Active Directory binding for Management Console and device enrollment
- Additional logging for executed “Action” commands
- Intelligent device installer with automatic vendor detection and agent selection
- 9.03 upgrade support for Japanese language
- Phone call policy for web console updated to block private caller
- Android+ Chinese language localization support for the device agent
- Application Catalogue Update Button
Android+
Introduction of SOTI’s Android+ technology- Provides common set of Mobile Device Management features including Remote Control, Application installation, Device Configuration, and more, across multiple OEMs
- Provides Remote Control capability across a wider range of Samsung devices
- Replaces “Samsung Android” tab in Management Console
Samsung Android
Asset Management & Security Management- Persistent GPS monitoring
- Added option to prevent user from removing MobiControl Agent
- Authenticated device enrollment now captures email address and username from directory service
- Improved certificate management
Aligning with the Samsung Galaxy SIII launch, 9.03 enhances or adds support for the following device configurations:- Background Data
- Bluetooth:
- Disable Bluetooth
- Require password to Enable Bluetooth
- Disable outgoing calls via Bluetooth
- Disable Bluetooth Discoverable mode
- Require password to enable Bluetooth discovery
- Disable Bluetooth Pairing
- Disable Bluetooth Desktop Pairing
- Disable Bluetooth Data transfer
- Data Protection:
- Disable Google Backup
- Disable SD card access
- Disable USB Mass Storage
- Disable Kies
- Disable Clipboard
- Data Protection:
- Disable Google Backup
- Disable SD card access
- Disable USB Mass Storage
- Disable Kies
- Require password to enable Bluetooth discovery
- Disable Bluetooth Pairing
- Disable Bluetooth Desktop Pairing
- Disable Bluetooth Data transfer
- Enable / Disable:
- USB Media Player
- NFC
- Home Key
- Screen Capture
- USB Debugging
- Factory Reset
- Access to Device Settings
- Voice Dialer
- YouTube
- Browser
- Installation From Unknown Application Sources
- Samsung Native Email Client:
- IMAP and POP3
- MS Exchange Policies
- Both sync calendar and sync email intervals
- Allow/Disallow HTML Email
- Maximum Email Truncation Size
- Enable Signature Editing
- Peak Sync Schedule
- Peak Days
- Peak Start/End Times
- Sync Schedule On/Off Peak
- VPN:
- Support for L2TP
- Support for PPTP
- Wi-Fi:
- Disable Wi-Fi
- Disable Wi-Fi Profiles
- Disable Wi-Fi Profile Changes
- Disable Prompt for Credentials
- Enforce Wi-Fi Data Only
- Enforce minimum Wi-Fi Security Level
- Always prompt for Wi-Fi Certificate Credentials
- Wi-Fi:
- Disable all tethering
- Disable Wi-Fi tethering
- Disable Bluetooth tethering
- Disable USB tethering
Apple iOS
- Improved device enrollment process
- Enhancements to Documents Portal including File Sharing controls
- Improved application status monitoring for Managed Apps
- Application Catalog compatibility checks for iPad, iPhone-Only Apps
- Authenticated device enrollment now captures email address and username from directory service
-
Release v9.02 -- Build 6270 -- January 27, 2012
Highlights
- Automatic Actions on Alert: Configure automated actions such as relocate device to a new device group or block MS Exchange Email Access based on a variety of alerts.
Samsung Android
Remote Control- Live remote control of devices for optimal helpdesk troubleshooting
- View and Control devices with desktop keyboard and mouse in real time
- View and Manage device services, tasks, and file explorer
Asset Management- Enroll, Provision and configure groups of devices wirelessly
- Management Dashboards and advanced reports audit a variety of device information
- Send messages to devices using Google’s Cloud to Device Messaging
Application Management- Install, update and remove applications without user interaction
- Manage application security with certificate installations
- Ability to wipe application data
- Enforce application blacklists
Configuration Management- Enable or Disable:
- Android Market
- Camera
- Data Usage while Roaming
- WiFi
- Bluetooth
- Microphone
- Access Point
- Remove managed MS Exchange account and data
- Configure Access Point Settings, WiFi Settings, and Strong Password requirements
MS Exchange Policies- Enable or Disable MS Exchange Account Access
- Ability to configure secure device connection to authorized MS Exchange Server
- Ability to configure device side MS Exchange settings such as email address, passwords, SSL certificates, email notification types, and sync intervals
Location Based Services- Locate, Track and Historically Bread crumb device GPS location and movement globally
Security Management- Enforce LockDown Policies that block use of the operating system and replace the device home screen with a customizable screen with access to select applications only.
- Remote Actions include Lock, Unlock, Wipe, & Restart
- Full Device Encryption including SD card
- Install security & identity certificates on device
- Detect Rooted devices
Apple iOS
- New APNS Certificate Generation Process
- Configure IMAP/POP Email Accounts
- Volume Purchase Plan (VPP) Integration
- Location Data Collection: locate and track devices without user interaction
- App Store Integration for Application Catalog Configuration
- File Synchronization within MobiControl Agent File Browser
- Send Enrollment Invitation Email
- Application Blacklist: Alert on prohibited applications installed
- Configure certificate based authentication for MS Exchange, WiFi, and VPN
- iOS 5 MDM Features:
- Disable iCloud device and document sync
- Disable Photo Stream
- Prevent moving messages between email accounts
- Prevent applications from sending corporate emails
- S/MIME encryption enforcement
- Configure WiFi Proxy and configure auto join network connections
- Report on Voice Roaming status and battery status
- Disable voice and data roaming
- Disable SIRI
- Disable Diagnostic Crash logs
- Application Management
- Request user to install application
- Specify if app should remain or be removed if MDM profile is removed
- Prevent app data back up to iTunes or iCloud
- Report on application status: needs redemption, redeeming, user prompted, installing, managed, managed but uninstalled by user, unknown, user rejected install, failed
- Remove managed apps
Google Android
- Enforce LockDown Policies that block use of the operating system and replace the device home screen with a customizable screen with access to select applications only
Note:
- Build 6270 replaces build 6222 that was posted on January 13, 2012.
-
Release v9.00 -- Build 5679 -- September 30, 2011
General
- Differentiated device licensing
- Aruba AirWave integration: access point management
- Windows Desktop lockdown (XP/7)
- Secure Email Access: MS Exchange filter to block access to unmanaged devices
- SOTI Service Portal:
- MobiControl Device Messaging Service: Apple APNS, Google C2DM, and SMS message relay
- MobiControl Device Agent Service: Agent Builder
- MobiControl Licensing Service: Differentiated Licensing
- MobiControl Location Services: uses Bing maps key system
Web Console
- Windows Mobile & Windows Desktop configuration
- Device Agent Wizard for Windows devices
- Management dashboard view
- Additional graphical displays and User Interface enhancements
Google Android
- Data Collection
- File Synchronization
- C2DM messaging
- Real Time location tracking
- Historical location bread crumbing
- Agent User Interface enhancements
- NitroDesk TouchDown integration
Apple iOS
- Additional device security information
- Enterprise application Provisioning Profile management
- Configure Web Clips
- SSL encrypted communication between agent and deployment server
- Apple Push Notification Service messaging
- Agent user interface enhancements
-
Release v8.51 -- Build 5251 -- April 18, 2011
Improved Performance:
- Enhanced web interface
- Optimized reporting of device activity
Bug Fixes
- Fixed assorted minor issues with web interface, device agents, and deployment server
Note:
- Build 5251 replaces build 5250 that was posted on April 14, 2011.
-
Release v8.50 -- Build 5240 -- March 22, 2011
New Platform Support
- Apple iOS v4+ devices (iPhone, iPodTouch, iPad)
- Android v2.2+ devices.
Apple iOS Features
- OTA Device Enrollment and Provisioning: Users can self provision authorized devices with valid Active Directory credentials or unique password authentication and enroll into corporate networks wirelessly.
- Dynamic Asset Management: Organize and manage devices individually or by custom groupings.
- Extensive Live Device Information View and Audit
- Encrypted OTA Device Settings Configurations
- Device Feature and Applications Restrictions
- Device Certificate Management: Upload, View, and Delete Certificates on devices
- Application Management: View all installed 3rd party App Store and In-House Enterprise applications. Customize a private Application Catalog to direct users to private in house applications or recommended 3rd party applications.
- Detect Jail-broken devices
- Locate live device GPS coordinates on an interactive map
- Real Time Remote Actions: Lock, Unlock, Wipe, Corporate Data Wipe
- Remote Control device agent
- Live Two-Way Chat
- Alerts and Reports
Google Android Features
- OTA Device Enrollment and Provisioning: Users can self provision authorized devices with valid Active Directory credentials or unique password authentication to enroll into corporate networks wirelessly.
- Dynamic Asset Management: Organize and manage devices individually or by custom groupings.
- Extensive Live Device Information View and Audit
- OTA Password and WiFi Settings Configurations
- Application Management: View all installed 3rd party App Store and In-House Enterprise applications. Customize a private Application Catalog to direct users to private in house applications or recommended 3rd party applications.
- Detect Rooted Devices
- Locate live device GPS coordinates on an interactive map
- Real Time Remote Actions: Lock, Unlock, Wipe, Corporate Data Wipe
- Alerts and Reports
Web Console
- New Contemporary Redesign
- Multi-Platform layout for viewing and managing devices
- Extensive Web Help Files
- Configuration of Rules
- Add Devices Rules
- Deployment Rules
- File Sync Rules
- Device Relocation Rules
- Data Collection Rules
- Alerts Rules
- Viewing and Management of Alerts
- Configuration of Console Security
Remote Control
- Optimized communication protocol
- Improved support for communication across load balancing appliances
Enhanced Support for Windows Devices
- Extended desktop lockdown functionality to include support for devices running the Windows 7 operating system.
- Added support for many new Windows based devices, including: Intermec CN70.
Bug Fixes
- Fixed assorted minor issues with Location Services, Remote Control and connections over cellular networks.
-
Release v8.00 -- Build 4259 -- September 28, 2010
Web Console
- SOTI MobiControl can be accessed anywhere with the new web-based Management Console, without any software installation required
- Features include:
- Structured views of device status
- Full-featured device remote control
- Location Services: Locate, Track and View History<
- View device logs, collected data, package status, etc.
- Detailed reports
Rapid Device Provisioning
- Devices can be provisioned in seconds by scanning a barcode, powered by SOTI MobiScan
- Device users can conveniently scan a few barcodes to get a device connected to a WiFi or cellular data network, and have it register with an available MobiControl system
Standalone Authentication
- New standalone authentication system can be used independently or in conjunction with Active Directory to restrict who can access the MobiControl Manager and the web console, as well as granular authorization of features within the consoles.
Device Agents and Platform Support
- Added support for all the latest devices from a wide range of manufacturers including:
- Motorola - Intermec - Honeywell - Psion Teklogix - LXE - Casio - CipherLab - Intellicon - Denso - Getac - Janam - Pidion - Unitech - Improved support for devices running the latest versions of Windows Mobile 6.5, CE 6.0 and
Windows 7
Device Lockdown
- Lockdown for Smartphone (non-touch screen devices) vastly improved
- Lockdown browser is now capable of accessing FTP sites
- Improved support for latest devices running CE 6.0
Live Licensing System
- MobiControl license activation system enables automatic updates without the need to enter new registration codes when you purchase additional device licenses and/or extend your support agreement.
-
Release v7.01 -- Build 3947 -- April 14, 2010
Key Benefits
- Improved performance for large screen devices such as laptops running at high-resolution
- Added idle timeout feature to automatically disconnect unattended sessions
- Improved support for a range of Windows CE, Windows Mobile and Windows XP embedded devices
- Corrected problem with file extension mappings
Phone Block
- A range of phone numbers can now be specified with the use of wildcard characters
- Policy is now automatically disabled when an emergency call (e.g. 911) is detected
Device User Authentication and Lockdown
- Corrected conflicting keyboard restrictions that impacted 3rd party applications on touch screen devices
- Corrected problem with key restrictions disabling the back button on smartphone devices
- Pop-up information bubbles corrected for CE6 devices
File Sync
- Improved performance when concurrently transferring files to thousands of devices
- Maximum supported file size increased from 2GB to 4GB
- Link to 'Sync Files Now' added to the right-click menu of Virtual Groups
Alerts
- Enhanced information is now included in automated alert messages
- Improved detection of geofence entry and exit events
- Corrected fault in collection of invalid GPS coordinates
Device Agents and Platform Support
- New format introduced for the Hardware/Manufacturer Device ID which conforms to the Microsoft standard
- Added hard reset support for Intermec CV60
- Improved support for M3 Mobile devices, including device wipe and cold-boot persistence
- Added support for connecting to the Deployment Server via a proxy server
- Added 'restart' command-line option of device side agent
- Improved the 'smsreportpn' script command to support wider range of devices
- Corrected failure to obtain MAC address via the %MAC% macro on Windows desktop devices
Package Studio
- LNK/XML files can now be auto-launched during installation
- Corrected performance issue when deploying a package containing 100+ files
Manager
- Added the ability to select the deployment instance on the start of the MobiControl Manager, allowing for easy switching between the management of production and test environments
- Location Services mapping feature is now compatible with an authenticating proxy server
- Improved performance of send message/script via SMS feature
- Corrected flaw in Files Sync's feature to automatically create sub-folder structure that mimics the Device Tree
-
Release v7.00 -- Build 3818 -- November 23, 2009
Real-time Alerts
- Automate monitoring of customizable device-side and server-side events
- When an event of interest occurs you can:
- Execute customized actions such as displaying a message to the user, or running a maintenance routine
- Get notified via email or text messaging
- Device-side monitoring and triggered actions work even if the device isn't actively connected to the MobiControl system (e.g. no active data connection)
Geofencing and Location Services
- Define actions to be taken automatically when devices enter or exit geofenced areas
- Retrieve postal address of a device's current location
- Send driving directions to the mobile device directly from the helpdesk console
- Live traffic condition reporting
- Quickly locate a place on the map by city name or address
- Support added for all Windows CE and Windows XP/Vista/7 devices with GPS capability
Phone Call Policy
- Restrict device user access to a defined set of incoming or outgoing numbers
- Supports wild cards to allow ranges of numbers to be easily defined (e.g. long distance and toll numbers)
- Collection of call logs allows organization to monitor phone usage and meet compliance requirements
- New built-in command for determining the phone number of the device in the event the SIM card has not been provisioned
Remote Control Enhancements
- Adjust color quality on-the-fly during your remote control session
- New 8-bit and 16-bit color modes allow for improved performance over slow networks
- 2-way chat feature communication between the device user and the helpdesk staff
- Laser pointer now available for visually guiding the device user while providing remote training
- Support added for Windows Vista and Windows 7
- Support added for 64-bit versions of Windows XP, Windows Vista, Windows 7 and Windows Server 2003
- Improved algorithms for remote screen display to use less bandwidth and reduce response time
- Automatic zoom level mode for better visualization of large remote screens
Device Lock and Lockdown Menu
- New 'device lock' screen provides summary of notification information such as missed calls and new emails without having to log into the device
- New password entry screen layout optimized for finger-friendly input
- Lockdown kiosk menu can now display custom data values and include direct links to shortcut files and script files
Platform Support
- Full support for new Windows Mobile 6.5, Windows Vista and Windows 7 operating systems
- Improved support for:
- Motorola MC1000, MC3100, MC55, MC75, MC9500
- Intermec CN4e, CK3, CN50
- Honeywell Dolphin 6000, 7600 GSM GPS, 9950 and 9900 for healthcare
- Psion Teklogix Ikon, Neo, 8515
- LXE MX7, MX8, MX9
- Janam XG100, XM66
- Bluebird Pidion BIP-1300, BIP-6000, BM-150R
- Datalogic Memor, Skorpio
- ... and devices from HTC, Samsung, and many other manufacturers
Device Configuration
- Improved user interface for configuration of group and device level settings. Provides clear indication of which settings are being inherited from a parent group, or are being overridden.
- Time Synchronization now takes place at scheduled update events in addition to on connect
- Cloning enhanced to better support ZeroConfig and Summit wireless radio settings
- New device-side status and configuration applet for Windows Mobile devices
Reports
- New reports added for improved visibility into system status and configuration
- Vastly improved report execution speed
-
Release v6.03 -- Build 3649 -- June 8, 2009
Updated Device Support
- Intermec CN4, Intermec CV30 (Windows CE), Honeywell 99xx, Psion Teklogix Neo, Motorola MC55, DataLogic Memor and Scorpio, Samsung Omnia, Palm Treo Pro, Mobia PPT-180 and many more...
- Advanced support for Psion Teklogix specialized buttons (scanner, blue, orange keys, etc.) in remote control and lockdown
Advanced Package Deployment Scheduling
- Package installation can now be scheduled for offline execution at a specified time, regardless of the devices connectivity to the MobiControl server
- New 'Downloaded' status added to indicate when a package has been downloaded and is pending for a scheduled installation
- Package installation user confirmation prompt can now be customized within the package creation wizard
- Device is now forced to stay awake while package installation in progress
Targeted File Encryption
- Exclusions can now be defined for select files and folders
- Wild card selection of targeted files and folders using (e.g. '\Storage Card\Inbox-*')
- Improved support for encryption of various file types
Time Synchronization
- Improved mechanism to synchronize device clock on first connection
Enhanced Device Lockdown
- LAN/ActiveSync network status is now indicated in lockdown's custom status bar
- 'Back' navigation button added
- Copy and Paste is now supported via select and hold pop-up menu
- Option added to disable quick launch feature
Access Control and Permissions
- Added permission to restrict agent upgrades and modified permissions required to move a device between groups
Improved Reporting
- Cellular carrier identification and signal strength is now automatically reported
- Deployment Server status in the Manager is now more responsive even when the Server is under a heavy load
- Optimized data collection panel for greater efficiency
Cloning of Device Settings
- Expanded list of available settings for Psion Teklogix devices
- Cloning wizard can now proceed even if not all selected settings can be read from the device, user is warned about what could be cloned and what could not
Enhanced Device Naming functionality (commloader.exe -n)
- Updates Windows Device Name when '-n' option is used (if set Windows Device Name feature is enabled)
- Improved validation of name when choosing to set Windows Device Name in Agent wizard
- No longer results in a disconnect when initiated from the device applet or using '-n' option
Advanced command-line options for integration with 3rd party solutions
- 'syncfile' command-line option added to initiate File Sync from device side (equivalent to selecting 'Sync Files Now' from the Manager)
- 'syncpkg' command-line option added to initiate Update Schedule check from device side (equivalent to selecting 'Pushing Pending Packages' from the Manager)
- 'installpkg' command-line option added to initiate installation of any packages that are presently on the device with "Downloaded" status
Assorted Fixes
- 'OK' button did not display on password prompt screen on Smartphone devices
- Command-line feature for disconnecting cellular data connection (commloader.exe -inet -hangup)
- Cloning wizard would abort if ActiveSync was not present even when not required, for example when created a cloning package with provisioning
- Suppressing re-installation prompt when upgrading device agent stored on the SD card of Intermec 7xx PPC 2003 devices that use Intermec Persistence Manager
-
Release v6.02 -- Build 3544 -- February 11, 2009
Platform Support
- Enhanced support for the latest Windows Mobile 6.1 devices, including Intermec CN3
- Improved support for devices running foreign language versions of the Windows Mobile operating system
Assorted Fixes
- Corrected upgrade problem that affected device agents upgrading from versions 5 of MobiControl
- Corrected problem with time synchronization that affected synchronization of Day Light Savings time setting
- Corrected soft reset problem that affected several device models including Symbol/Motorola devices
Note:
- German edition build 3557 replaces v6.02 build 3555 that was posted on MAR 19, 2009 and Japanese edition build 3563 replaces v6.02 build 3548 that was posted on MAR 19, 2009.
-
Release v6.01 -- Build 3497 -- January 12, 2009
Dynamic Package Deployment Groups
- Quickly and easily deploy packages to a focused subset of devices by assigning your package to a virtual group and configuring a Device Relocation Rule to automatically establish which devices belong to that group.
Device User Authentication Improvements
- Added the ability to securely reset the device user password (standard authentication) even if the device is offline
- Improved user authentication via an Active Directory server by having the agent automatically establish a cellular data connection when an online authentication is required
- Improved support for the changing of a user Active Directory password from the mobile device
Lockdown - Numerous improvements including:
- Full support for VGA and other high resolution screen sizes
- 3rd party software may now add custom icons to the custom navigation bar
- Improved support for launching of 3rd party .NET applications
Platform Support
- Broadened support to include Cadec and Gotive Windows CE powered devices, while enhancing existing support for Motorola, Intermec, Honeywell, Psion Teklogix and Samsung devices.
Script Enhancements:
- 'abortpkg' script command can now be used in post-install scripts
- 'showmessagebox' command now includes OK/Cancel button option
Assorted minor improvements for the following features:
- Send SMS Script feature, ability to edit destination phone number
- 'Move Device' group permission, now independent of the 'Modify Device Groups' permission
- Exchange ActiveSync Configuration, now supports specification of HTML message download size
- 'Force Package Reinstall Now' command, updated to only affect selected device
- File encryption, improved handling of email, MMS messages and other file formats
- Report, addressed several report generation errors
- Remote file editing, addressed conflict with Windows Vista User Access Control mode
Note:
- Build 3497 replaces v6.01 Build 3465 that was posted on December 17, 2008, and Build 3481 that was posted on January 2, 2009