SOTI MobiControl

2025.1

·

Build 1007

·

March 26, 2025

Release Highlights

SOTI MobiControl 2025.1.0 introduces a range of powerful features designed to enhance device management, security, and operational efficiency. These new tools provide administrators with extensive resources to reduce manual effort and ensure consistent configurations across devices.

Platform support for Android, Apple and Windows has been elevated with several enhancements. This release introduces over 70 new features and improvements. The reach and capabilities of SOTI VPN, SOTI Surf, SOTI Hub and Settings Manager have expanded. Lastly, the SOTI MobiControl console, server, and SOTI XTreme Hub have been improved with performance and security optimizations.

New Features and Improvements

System Administration

Approve Device Enrollments

Administrators can now review and approve device enrollments, ensuring that only authorized devices are enrolled, and configurations are applied only after approval.

Granular Security for Packages

Administrators can now assign read and write permissions to individual packages, ensuring secure access is granted only to authorized users. These permissions can be assigned in bulk, enabling admins to efficiently manage access control across multiple packages.

Streamlined Enterprise App Management

Administrators can now efficiently manage, upload and delete enterprise apps across device platforms from a singular location, ensuring strict app version control and maintaining user access control for uploaded enterprise apps.

Boost Efficiency with Shared Views and Searches

Administrators can now share column views and saved searches on the Devices dashboard with users, roles and groups, streamlining collaboration and ensuring consistent access to relevant data.

Package Enhancement - Support Large Size Packages

Administrators can now deploy packages up to 4GB, simplifying the process of distributing large OS updates and eliminating the need for file segmentation.

Support for Sectigo Certificate Authority

Administrators can now integrate with Sectigo Certificate Authority (CA) and manage the complete lifecycle of certificates. This is available as a REST API integration, allowing the ability to issue, renew and revoke certificates issued by Sectigo CA.

Device Load Balancing for Multi-Deployment Server Environments

Administrators can now configure automatic device load balancing across multiple deployment servers, ensuring even distribution of load and enhancing overall system reliability.

Search Bar in Apps Dashboard

This feature update now provides a responsive search bar in the Apps dashboard, allowing users to filter app data by keywords or criteria.

Ability to Clone Roles and their Respective Permissions

Roles and their permissions can now be cloned, reducing errors and streamlining role management.

Bulk Permission Update for Profiles and App Policies

Administrators can now edit permissions for multiple profiles and app policies.

Ability to Use User Attributes for Searching and Profile Filtering

Administrators can now leverage user attributes for searching and filtering devices, as well as targeting profiles.

Ability to Delete Draft Version of Profiles

Administrators can now delete draft versions of profiles, simplifying profile management and reducing errors.

Support for Custom Attribute and Custom Data Macros in Signal Policies

Users can now integrate custom attributes and custom data macros into Signal actions, streamlining workflows.

Support for Custom Attributes as Device Properties in Signal Policies

Administrators can now monitor custom attributes and trigger automated actions based on their values using Signal policies.

New Device Actions Added to Signal Policies

This update introduces new device actions triggered by policy conditions, such as device check-ins and soft reset.

Automatic Failover for Signal Service in Multi-Server Environments

This feature enables automated failover switching for Signal services in a multi-server environment, ensuring uninterrupted monitoring and seamless device operation.

Ability to Assign Priority to Triggered Alerts in Signal Policies

Administrators can now assign priority levels to triggered alerts, improving visibility for urgent issues, enabling quick sorting and prompt action on critical notifications.

View Signal Policies at the Device Group Level

This update allows administrators to view Signal policies assigned to a device group, improving troubleshooting and management efficiency.

Ability to Filter Profile and Policy Assignments Based on Android-Zebra MX Version

Administrators can now filter profile and policy assignments based on the MX version for Android-Zebra devices.

Improved Visibility for Packages with Dependencies Assigned to Profiles

Administrators now have visibility into package dependencies within profiles, simplifying package management by quickly identifying and deleting unused packages.

Deployment Schedule for Android Enterprise Apps in App Policies

This feature offers granular control over Android Enterprise app deployment schedules. Users can define specific deployment windows, including start and end times, days of the week, and recurrence patterns.

Android

Control App Access to Cellular and Wi-Fi Networks

Administrators can now allow or block apps on specific Wi-Fi or cellular networks to safeguard sensitive corporate information and regulate data consumption on Android Enterprise devices.

Manage Device Permissions

Easily set device permissions like Camera and Location access etc., for applications deployed via App policy.

Rollback App Deployments

Seamlessly roll back Android Enterprise app deployments to instantly correct errors, restore functionality on devices and maintain control over app distribution.

Specify App Installation Order

Administrators can now specify the installation order of Android Enterprise apps through App policy, ensuring a structured deployment process.

Hide Supporting Applications on Lockdown Home Screen

Easily designate apps to remain hidden from the Lockdown home screen while allowing them to be accessed by visible primary apps as needed, eliminating manual Lockdown template modifications.

Grant Full Access to Google Play for Device Users

Administrators can now easily enable Google Play access on specific devices through the Managed Google Play payload for Android Enterprise, allowing device users to install any Google Play work app without requiring administrative approval for each app.

Customize Audit Logging by Event Type

Enable robust audit logging for all Android device side features and customize event selections for enhanced monitoring and compliance.

Configure Single Sign-on on Non-shared Devices

Administrators can now configure Microsoft Authenticator and Imprivata Mobile Device Access (MDA) Single Sign-on (SSO) and see all prerequisites for easy configuration via Profiles, without needing to configure Shared Device.

Auto Logout Imprivata Shared Device Users

Administrators can now automatically log out a shared device Imprivata MDA user after a specified time or device inactivity to protect confidential data and prevent unauthorized access to corporate devices.

Set Custom Messages on Lock Screen

Configure the lock screen to display a custom message that communicates crucial information to return the device when found and provide return instructions on a lost device without giving access to the device.

Retrieve Zebra LifeGuard Device Status

Administrators can now obtain the latest Zebra LifeGuard enrollment status of a device and the most recent firmware upgrade status via a Device Action before provisioning a new firmware update.

Use Zebra LifeGuard Without Google Play

This feature allows administrators to automatically provision the Zebra enrollment app for Zebra LifeGuard as an Enterprise app via App policy without compromising security compliance and avoid interfacing with Google Play services.

Provision F5 VPN for Android Enterprise

Administrators can now seamlessly configure F5 VPN using Android Enterprise Profiles, enhancing efficiency by integrating F5 with other Android Enterprise settings.

Retrieve Debug Logs Without FTP on Android

Use this feature to leverage the SOTI MobiControl server and Android Agent connection to securely retrieve debug logs without relying on FTP. This allows for quicker log submission to SOTI support, leading to faster resolution of critical issues.

Apple

Apple Firmware Policies

Administrators can now enforce specific OS build versions and precisely schedule firmware updates, ensuring all devices are secure and up to date with minimal operational disruptions.

Microsoft Authenticator SSO Profile Payload for iOS

Increase security and user productivity by seamlessly registering iOS and iPadOS devices with Microsoft Entra ID and perform Single-Sign-On (SSO) with Microsoft Authentication Library (MSAL)-enabled applications.

ACME Certificate Provisioning

This profile payload integrates ACME Certificate Authority support into SOTI MobiControl, providing automated and secure certificate management.

Support for System Extensions for macOS

This feature now allows administrators to transition from legacy Kernel Extensions (KEXTs) to System Extensions, improving system stability.

PKG deployment Enhancement for macOS

Administrators can now manage macOS PKGs containing only scripts, ensuring successful installation and configuration. This functionality empowers users to automate tasks and maintain consistent configurations across macOS devices.

Support for v2 of VPP APIs

This update allows seamless integration with the latest Apple Volume Purchase Program (VPP) APIs, ensuring uninterrupted app distribution and licensing management.

Enterprise App Management Improvements

This feature allows users to upload, view, and manage IPA files more efficiently, reducing support calls and streamlining the app deployment processes.

Windows Modern

Effortless OS Deployment for Large-Scale Device Provisioning

Operating system images can now be deployed to multiple Windows Modern devices simultaneously. This feature streamlines the provisioning process, reducing setup time and minimizing errors.

Updates Management Dashboard

Administrators can now monitor and manage Windows OS and Microsoft application patches and updates across all devices from a centralized dashboard, improving security posture by enabling timely patch deployment, enhancing operational efficiency through streamlined workflows, and supporting compliance efforts with comprehensive visibility and control.

Credential Provider for Windows Modern Devices

Administrators can now easily implement SOTI Identity-based authentication for Windows Modern devices, ensuring security with multi-factor authentication.

Peripherals Management

Administrators can now monitor and manage peripherals connected to Windows Modern devices, ensuring availability and reliability of peripherals in real time.

Windows Update Policy

This improvement allows administrators to configure Windows OS and Microsoft application updates within SOTI MobiControl, enhancing security through timely patch application.

Hardware Components Management

Administrators can now automatically scan, detect, and record all hardware components of Windows Modern devices.

Microsoft Security Baseline Configuration

This functionality empowers administrators to enforce Microsoft-recommended security baselines across devices.

CIS Benchmarks Configuration

Administrators can now apply CIS benchmarks to their SOTI MobiControl deployment, improving security posture with standardized configurations and simplifying compliance management.

Enhanced Lockdown Experience for Windows Modern Devices

Administrators can now hide the navigation bar, set power options, run scripts, and preview videos. Additionally, new and improved HTML templates with automatic synchronization ensure consistency.

Autopilot Enrollment Configuration

Autopilot enrollment settings can now be configured within SOTI MobiControl through a unified interface.

Defender Antivirus Reporting

This feature provides comprehensive visibility into Windows Defender scan results and threats at both device and group levels.

Group Policy Object (GPO) Updates Configuration

Administrators can now create, deploy, and manage local Group Policy Objects (GPOs) for control panel, Start menu, and task bar settings within SOTI MobiControl.

Device Configuration Registry Key Management

Administrators can now easily manage registry keys directly through SOTI MobiControl.

Windows Services Management and Visibility

This functionality empowers administrators to monitor and control Windows services directly from the SOTI MobiControl web console.

MSIX and APPX Bundles Support in App Policy

Administrators can now deploy MSIX and APPX bundles to Windows devices using App Policy.

Enhanced Network Details Visibility

Administrators can now access real-time updates of network details during device check-in.

Unified Write Filter (UWF) for Enhanced Device Security and Stability

This feature helps administrators manage Unified Write Filter (UWF) settings to protect system integrity.

Local User Group Membership Management

Administrators can now manage local user group memberships directly from SOTI MobiControl.

SOTI XTreme Hub

Configure Multiple SOTI XTreme Hubs to Target Device Groups for Content Deployment

Administrators can now select multiple SOTI XTreme Hubs to deploy content to specific device groups, optimizing resource utilization, reducing network bandwidth consumption to accelerating content delivery.

SOTI XTreme Hub Support for Android Enterprise App Deployment via App Policies

Administrators can now deploy Android Enterprise apps via SOTI XTreme Hub, minimizing network impact for faster application updates and optimizing deployment.

Automatic Failover to Deployment Server During SOTI XTreme Hub Downtime

This update introduces automated fallback capabilities for SOTI XTreme Hub, ensuring seamless content delivery, even when the XTreme Hub is inaccessible, and automating the fallback process.

Improved Visibility and Status of SOTI XTreme Hubs

Administrators can now view critical information about SOTI XTreme Hub, such as target devices, number of groups served, and recent file syncs.

Ability to Append IP Address to Binding Certificates for SOTI XTreme Hubs

Devices can now communicate with SOTI XTreme Hub using either the Fully Qualified Domain Name (FQDN) or IP address.

SOTI XTreme Hub Enrollment Policy Modernization

Administrators can now create SOTI XTreme Hub enrollment policies in the modern console, eliminating the need to use the legacy console.

SOTI VPN

SOTI VPN for iOS

This feature provides an integrated VPN solution within SOTI MobiControl, eliminating the need for third-party VPN services. Users can now establish secure VPN tunnels and utilize split tunneling to secure all or select traffic flowing between iOS devices and network resources, such as corporate app servers.

SOTI Surf

Message on Redirection

This feature provides more configuration options to administrators when the user is redirected from blocked websites. Administrators can now configure the user experience to display a simple message without redirecting or disabling the message from the user.

ProGlove Scanner Improvement

This new feature optimizes the integration with ProGlove by reducing the number of manual entries needed to perform a scan.

SOTI Hub

SMB Protocol Support

Administrators can now access documents that are stored on enterprise file servers via the Server Message Block (SMB) protocol by providing additional access to enterprise documents.

Settings Manager

Toggle Mobile Data

This feature helps users manage their device connectivity by allowing them to toggle mobile data on or off directly through the Settings Manager, even in lockdown mode.

Accessibility Support via Settings Manager

This feature allows users to efficiently configure essential accessibility settings without granting full device access, maintaining security and control. The minimum agent requirement for this is SOTI MobiControl Agent 2025.0.4.

Upgrade Scenarios

SOTI XTreme Hub Enrollment Policy

  • During the upgrade, the SOTI MobiControl installer checks for any existing Xtreme Hub devices. If found, each Windows Desktop Classic ‘Add Device’ rule will be duplicated as an XTreme Hub enrollment policy.
  • After the upgrade, to enroll devices as XTreme Hub, you must use the new device agent available in the XTreme Hub enrollment policy.
  • All settings from the original "Add Device" rules will be retained in the duplicated XTreme Hub enrollment policies ensuring a seamless transition.
  • You can modify the newly created XTreme Hub enrollment policies to meet any updated security or enrollment requirements.

Package Granular Permission

  • Users who previously had the "View Packages" general permission will be automatically granted the "Read" granular permission for all packages.
  • Users who previously had both the "View Packages" and "Manage Packages" general permissions will be automatically granted both the "Read" and "Write" granular permissions for all packages.

Windows Updates Policy

  • All “Windows Updates” payloads in a Windows Modern profile will be duplicated to a Windows Modern Updates Policy.
  • All the “Windows Updates” settings will be preserved in the respective “Windows Modern Updates Policy”
  • A migrated “Windows Modern Updates Policy” can be modified post-upgrade to accommodate changing needs.
  • A new “Windows Modern Updates Policy” can be created from the console in the Policies section.
  • Status of the policy depends on the status of the profile the “Windows Updates” payload was part of before upgrading.
  • Granular permissions for a profile will be retained after upgrading a policy.

Resolved Issues

MCMR‑33871 Android: "Wipe Program Data" was greyed out, but the administrator was still able to wipe the program data using a script.
MCMR‑35101 Old application files were still stored in DB for Apple platform after upgrading an enterprise application.
MCMR‑35129 Agent and plugins fail to load in SOTI MobiControl web console.
MCMR‑35688 Deleted packages could be assigned in profiles via API.
MCMR‑35750 Android: Japanese translation of “Speed Lockdown is Deactivated” property in the Lockdown profile was incorrect
MCMR‑35751 Android: Japanese translation of "Automatic" word in the Wi-Fi profile was not correct.
MCMR‑35946 Under heavy system load, payloads were occasionally removed from profiles if they failed to load during an update.
MCMR‑36120 Japanese translation of “Automatic” on the Configurations tab in Device Details was incorrect.
MCMR‑36564 Windows Classic Lockdown removed Sysinternals Autologon settings, requiring reapplication.
MCMR‑36568 SOTI MobiControl Administrators could not edit user passwords when the global setting for the "access policy" was toggled off for "Allow users to change account password".
MCMR‑36656 Deployment of select Microsoft mobile applications for Android via App Policy Enterprise app method was failing.
MCMR‑36674 MS Authenticator failed to start if Safari was blocked by Feature Control.
MCMR‑36684 Certain macOS macros and scripts examples did not work as described in the documentation.
MCMR‑36718 Granting "Import Reports" permission did not show “Reports” option in the hamburger menu.
MCMR‑36733 Restricted apps for macOS devices were not blocked after applying a "Block Process" payload
MCMR‑36803 The device logs showed "Add new device" every time the agent connected to the deployment server.
MCMR‑37225 Windows, Android: Compliance policy status was not updating on the device if policy assignment used custom data with an “equal to” operator.
MCMR‑37383 Android: Lockdown templates did not apply on the device when changes were made frequently.
MCMR‑37442 The Notification badge did not appear on the SOTI MobiControl Agent app icon when the device received a notification
MCMR‑37585 Android: Profiles were stalled on "Pending Install" and would not install after a new enrollment.
MCMR‑37653 The Agree button on iOS agent had an incorrect German translation.
MCMR‑37806 Inaccurate user logs were generated during certain local user login failure.
MCMR‑37887 Custom Attributes / Custom Data were updated only on manual refresh after making updates.
MCMR‑38053 The daily autoSync of the Apple VPP token was preventing new apps or licenses from updating during the scheduled sync.
MCMR‑38164 Time sync policy when using the deployment server option was not working.
MCMR‑38241 Selecting SOTI Surf as target application in Web clips prevented the browser from opening.
MCMR‑38601 SOTI Surf was unresponsive at first launch.

APIs

Access Permissions for Package(s)

  • Copy permission of one package to other packages

Show Profiles Related to a Package Via a Package Dependency

  • Retrieve a list of profiles which are associated with a package via package dependency

Improve Visibility and Status for SOTI XTreme Hub

  • Retrieve the sync history of a specific device
  • Retrieve the current configuration of a specific device
  • Retrieve a list of SOTI XTreme Hubs serving a specific device

Ability to Target Device Group for Content Deployment

  • Retrieve the list of SOTI XTreme Hubs linked to a particular device group

Delete Draft Versions of a Profile

  • Delete draft versions of a profile

Apple Firmware Management Policy

  • Create Apple OS Update policies
  • Retrieve Apple OS Update policy summaries
  • Delete an Apple OS Update policy
  • Update an Apple OS Update policy
  • Return details of a specified Apple OS Update policy by reference ID
  • Disable an Apple OS Update policy
  • Email Apple OS Update policy summaries
  • Download Apple OS Update policy summaries
  • Retrieve Apple OS Update log summaries
  • Retrieve Apple OS Update logs
  • Assign an Apple OS Update policy
  • Retrieve the assignment info of an Apple OS Update policy by reference ID
  • Retrieve the list of assigned Apple OS Update policies for a specified device
  • Retrieves DDM declarations on a specified device for the specified Apple OS Update policy by reference ID

ACME Certificate Authority

  • Create ACME certificate templates
  • Update an ACME certificate template

Sectigo Certificate Authority

  • Create Sectigo certificate templates
  • Update an Sectigo certificate template

Device Load Balancing for Multi - Deployment Server Environments

  • Retrieve information on deployment server device load settings
  • Update information on deployment server device load settings
  • Retrieve information on deployment server device load balancing percentage
  • Update information on deployment server device load balancing percentage

App Policy

  • Returns Android Enterprise apps by reference id
  • Returns iOS Enterprise apps by reference id
  • Returns macOS Enterprise apps by reference id
  • Returns tvOS Enterprise apps by reference id
  • Delete Android Enterprise apps by reference ID
  • Delete iOS Enterprise apps by reference ID
  • Delete macOS Enterprise apps by reference ID
  • Delete tvOS Enterprise apps by reference ID
  • Returns a list of Android Enterprise apps
  • Returns a list of iOS Enterprise apps
  • Returns of list of macOS Enterprise apps
  • Returns a list of tvOS Enterprise apps

Enrollment Policy

  • Returns a list of country codes
  • Returns a list of language codes

Windows Updates Policy

  • Create a new Windows Update policy
  • Assign Windows Update policy
  • Retrieve assignment information for a specified Windows Update policy
  • Update Windows Update policy
  • Delete Windows Update policy
  • Disable Windows Update policy
  • Copy Windows Update policy permissions
  • Edit Windows Update policy permissions
  • Retrieve Windows Update policy details
  • Download list of Windows Update policies as CSV
  • Email list of Windows Update policies as CSV
  • Retrieve logs for a specified Windows Update policy
  • Get the count of information, warning, and error logs for the specified Data Collection policy

Updates Dashboard

  • Retrieve the count of devices for which an update is Installed, Pending or Failed
  • Retrieve the list of updates
  • Retrieve the list of groups having updates in Available, Pending and Failed state
  • Download list of updates as CSV
  • Email list of updates as CSV
  • Retrieve the list of charts

Deliver Debug Report

  • Check if debug report is available
  • Retrieve debug report