SOTI MobiControl

2024.1

·

Build 1052

·

March 20, 2024

Release Highlights

ChromeOS Support

MobiControl now supports ChromeOS allowing users to effortlessly enroll devices, monitor them alongside devices from other platforms, and perform essential actions such as wiping, enabling, and disabling. Connecting your Google Admin Console with MobiControl significantly streamlines administrative operations for Chrome OS.

Manage Apple TV with MobiControl

MobiControl Administrators can now manage Apple TV devices. They can enroll the Apple TV devices in MobiControl using Automated Device Enrollment (ADE) and can deploy several payloads such as Feature Control, Single App Mode, and Conference Room Display Mode.

iOS Declarative Device Management

Enable the new Declarative Device Management protocol for Apple devices running iOS 16 or later to allow them to be proactive and autonomously report status updates. This protocol significantly reduces network traffic, decreases the latency of device status updates, and empowers the device to maintain compliant states even when offline.

Content Caching on macOS

Make use of this powerful feature to speed up the download of software updates and iCloud data across your macOS devices. MobiControl Administrators can now configure one or more macOS devices to save this data locally, and other devices can download from these selected devices instead of going to the cloud hosted Apple update servers.

Remote Device Locking for Windows Modern

Swiftly respond to security breaches or data leaks by remotely locking devices through the web console. This feature not only enhances data protection and device security but also offers flexibility in unlocking devices either through the web console or by using a unique PIN set by the Administrator. MobiControl ensures a prompt and secure response to potential threats, providing comprehensive control over device access for efficient incident management.

Package Studio in the MobiControl Web Console

Experience seamless package management with Package Studio Support in SOTI MobiControl. Eliminate the disjointed process of using a separate desktop application by enabling the creation, viewing, and editing of packages directly within the web console. This not only enhances IT administrator efficiency but also reduces costs by removing the need for a dedicated Windows machine and streamlining all package management capabilities in one centralized platform.

SOTI Surf Scripting Option

Administrators can now create, save, and send JavaScript to the SOTI Surf browser to change the behaviour of web-applications. These scripts can be saved as templates to automate user actions such as auto login, autofill, and keypress options. The ability to send JavaScript can also be tailored to customize the display of web apps, such as SAP web apps, which don’t render properly in a standard mobile web browser.

Upgrade Considerations

To continue using the Legacy Remote Control Plugin, Customers must uninstall the current version from their local systems and re-install the plugin via the link present in the 2024.1.0 MobiControl Web Console. Remote Control via XSight is not affected.

Customers who make use of the MobiControl APIs will require an additional layer of encoding when including path parameters in their API calls which contain special characters (E.g. !@#$%^&*()+.\?/) due to security enhancements made to MobiControl’s backend.

Customers who are upgrading to 2024.1.0 from a MobiControl instance below 15.2.0 must ensure that in their database properties, the compatibility level is changed to SQL Server 2016 or greater.

New Features and Improvements

System Administration

Improved Visibility of Assignment Options

Users are now able to view profile assignment options from the "Assignment" tab in the profile details dialog box. This will simplify the process users take to view profile assignments and allow them to identify wrong configurations faster and/or compare with other profiles. Three new distinct tabs for installation, profile scheduling and package options are also being introduced when configuring assignment options to improve visibility of all cards.

Device Search Mechanism for Assigning Profiles & Policies

This feature will let administrators search for devices when assigning profiles/ policies to specific devices. Furthermore, the search filter will carry over to multiple device groups so that the query does not have to be retyped.

Maximum Device Action Limits

Users can control how many devices in bulk can be impacted by a single device action. This adds an additional layer of security for users to mitigate the risk of unwanted bulk device actions being sent to many devices. In addition, this feature will allow a configurable setting for each user/group/role that controls how many devices can be actioned by a user in one go.

Concurrent Profile Editing Warning

This feature will provide users with a warning message in the “Edit Profile” window whenever another user is actively editing the same profile. This will help avoid situations where users accidentally over-write changes in a profile.

Enrollment Based on Restriction Criteria

Experience precise control over device enrollment with enhanced criteria-based restrictions. Define enrollment criteria within Android, Apple and Linux enrollment policies tailored to your needs for seamless control over device enrolment.

User Group Device Enrollment Limit

Users can now limit enrollment within a user group for authentication-based enrollment. This restriction ensures that users cannot enroll beyond the defined limit specified in the restriction rules. This feature applies specifically to authentication-based enrollment, serving to curb any unauthorized use of licenses.

Clone App Policy

With this new feature, users can easily replicate existing app policies, streamlining the deployment process and saving valuable time. Clone will create an App policy in draft which can be further modified. This feature enables users to establish a foundational structure and significantly reduces the time required to initiate policy creation, eliminating the need to create the policy from the start.

Interactive High Charts

Visualize your data more effectively with the numerous enhancements and adjustments that have been made to the charts in MobiControl. Charts have become more interactive with incorporate features such as drag-and-drop functionality, 2D and 3D preferences, a magnifier, and legends. The users can now create a filter query with just a click on the chart. Additionally, "Others" drilldown, will enable the users to delve deeper into the data.

Users and Permission Search

This functionality will empower users to efficiently search through extensive datasets within users and permission in users, groups and roles tab using keywords. This streamlined search capability not only saves time but also boosts productivity significantly. Moreover, users can effortlessly establish mappings with users and roles through a simple click, enhancing the overall efficiency of data management.

Improvements to Profile Export and Import

Users may now export and import Apple, Windows, and Linux profiles along the existing support for Android. Profile configurations which contain certificates and passwords are now included and up to 3GB of packages may be selected. Furthermore, export and import requests are now placed in a queue with the requests of other users and are prepared in the background, allowing users to continue using the web console. (Note: Apple tvOS profiles are not supported as of this release)

Copy General Permissions

Administrators can now copy general permissions from one role, user, or group to another with the copy permissions option. This reduces the effort of configuring new roles, users, or groups by allowing administrators to build from the general permissions of existing ones.

Profile Installation Status

With this feature, users can now click on the statuses next to the profile execution status chart. This will open a new tab of the MobiControl web console on the devices page, where you can find the devices with that execution status, thereby streamlining the workflow of troubleshooting problematic profile statuses.

Signal Policy Improvements

Users can now create Signal Policies that support events and properties for Linux, Windows Modern, and Windows Desktop classic devices. Moreover, users can choose additional categories for configuring conditions related to System, User and Group, Profiles, and Policies. Lastly, with the introduction of device side evaluation frequency, users can configure Signal Policies to be more responsive and allow devices to initiate Send Script actions for certain conditions even when devices are offline.

Android

Device Reboot Policy Condition Support

Administrators can now execute scripts after device reboots even when the device is not connected to the MobiControl Server. This avoids mobile worker disruptions by running scripts before the device is in use and ensures operational continuity post device reboot.

Restrict Passwords Attempts for Device Users to Enter Administrator Mode

Administrators can set limits on incorrect attempts to access administrator mode on the device. This enhances security by guarding against brute force attacks, reducing the risk of unauthorized access and data breaches.

JSON Custom Data Support

Administrators can now utilize JSON files for custom data generated by business applications directly within MobiControl. This enables administrators to effortlessly access and display the corresponding values in their web console. This eliminates the need to engage in complex workflows aimed at translating JSON files into INI or XML formats.

VPN IP Details for Android Devices

Users can easily identify devices that are connected to a VPN as they can now view both device and VPN IP addresses (IPv4/IPv6) at the same time on the Web Console. This feature will increase productivity as the employee need not determine VPN details manually for each device.

Zebra LifeGuard OTA: Cancel an already scheduled firmware upgrade

Administrators can now cancel any scheduled firmware upgrade on any compatible Zebra device through the Web Console. This update will increase the OS management efficiency of the organization and reduce the operational costs due to incorrectly scheduled upgrades.

Android Enterprise

Knox Service Plugin: Embedded Premium License Support

For Samsung devices enrolled as Android Enterprise Work Managed, administrators can now deploy premium features through Samsung Knox Service Plugin (KSP) OEMConfig via Profiles through Profiles, without having to enter a Knox Platform for Enterprise (KPE) Premium License. This allows administrators to efficiently configure their Samsung devices without obtaining a KPE Premium License from the Knox Admin Portal.

Speed Control Lockdown Only

Admins can now configure a Speed Control lockdown on Android devices, without requiring configuring a Device Control Lockdown. This will enable administrators to only enforce a Lockdown while their device is in motion and allowing the device to revert to the native Android experience when stationary, providing device users regular access to the device when permitted.

IKEv2 Android Native VPN Support

Configure and deploy IKEv2 Android Native VPN types including IPSec RSA, IPSec PSK and IPSec MSCHAPv2 to Android Enterprise Work Managed devices. This allows administrators to simplify VPN solution management by deploying Android Native VPN policies for the VPN client that is built into the Android operating system which avoids having to install third party VPN client apps.

Work Managed and Corporate Personal Firewall Support

Configure firewalls for Samsung devices deployed in both Android Enterprise Work Managed and Android Enterprise Corporate Personal modes. This allows administrators to either restrict or reroute users when accessing specific IP addresses through cellular network, Wi-Fi, or both.

Corporate Personal Device Factory Reset Support

Administrators can now factory reset their Corporate Personal Devices running Android 11 or above wiping both personal and work profiles of the device. This will reduce the loss of time and productivity for Administrators as the burden of performing a manual factory reset of the device is alleviated.

iOS

QR Code Enrolment

Administrators can now generate and utilize QR codes for iOS Enrollment Policies. This QR code can be downloaded and distributed to enroll your iOS fleets swiftly and smoothly.

Better OS Update Command

Admins can now use the new ‘Download and Install’ option for iOS device software update actions; automatically fetching, downloading, and installing the iOS software update in a single-step.

Default App for Web Clips

Admins can now specify a default application in a Web Clip Profile that will be used to open the Web Clip URL. This improves the experience for the device user as the desired application will be invoked directly instead of the Web Clip invoking the default web browser.

More App Store Regions

Admins can now create App Policies using Apps from 70 new Apple App Store regions. Allowing you to deploy more apps across your fleet globally.

Expanded Support for Google and Security Profiles

Configure and deploy new capabilities to iOS devices through Profiles, with the introduction of Google Accounts, Encrypted DNS, and Certificate Transparency configurations.

Advanced Configurations Improvements

Admins can now set a time zone manually for their devices so that they can configure their devices according to the time zone they want rather than what is set for them by location services. Admins can also now enable or disable Diagnostic Submission for Shared iPad devices so that the privacy of their data can be protected by preventing the device(s) logs from being sent to Apple.

macOS

Managed Apps for macOS Devices

IT administrators can now deploy applications as managed applications from both the 'App Store' and uploaded PKG files, with the real-time status updates on the Web Console. Additionally, the preinstalled unmanaged applications can now be converted into managed ones, from the Application listing under the Device Info screen. Finally, the managed apps will now get uninstalled automatically upon device un-enrollment from MobiControl or upon the App Policy un-assignment, deletion.

Distribution of iOS Apps on macOS Devices

Administrators now have access to a comprehensive listing of iOS Apps compatible with multiple Apple platforms. This update significantly enhances the app search and selection experience within the macOS App Policy, providing greater empowerment for SOTI MobiControl administrators. Moreover, it enables the seamless distribution and installation of iOS Apps, specifically tailored for Apple Silicon-based macOS devices.

Blocking of Apps and Process on macOS Devices

This enhancement provides SOTI MobiControl administrators with precise control over application execution. The update empowers administrators to prevent OS updates by blocking the OS updater process. Additionally, in cases where a process is restricted from execution, the device user will receive informative notifications regarding the blocked applications and processes.

Display execution status and output of scripts sent to macOS devices

This new feature gives SOTI MobiControl Administrators more visibility in the script execution. Administrators can now define whether they want to get the result and output of the scripts sent to devices or not.

Windows Modern

Directory/Federated Enrollment

MobiControl Administrators can now enroll devices with a more secure and precise way with identity providers (IdP) along with Lightweight Directory Access Protocol (LDAP) and Active Directory (AD) protocols. This resolves the ambiguity in the previous Directory enrollment policy which arose when there were multiple enrollment policies which had user groups that contained the same user.

Compliance Policy

IT administrators can effectively monitor and enforce compliance for Windows Modern devices. Easily set and manage compliance criteria based on diverse device and app properties. View non-compliant devices in the web console, receive email notifications, and implement conditional access for applications. This feature ensures seamless alignment with business requirements, enhancing monitoring efficiency and enabling proactive identification and management of compliance issues.

Web Content Filtering

IT administrators can now control website access on Windows Modern devices. Effectively manage allowed and blocked websites, domains, and IP addresses, seamlessly applying restrictions on devices for Chrome, Firefox, and Edge web browsers. Users gain access only to defined web content, reducing security risks and data leakage on unsecured networks. This feature enhances business efficiency, promoting a secure work environment while boosting productivity.

Windows Hello

Enhance device security by enabling IT administrators to effortlessly activate and configure Windows Hello settings through the MobiControl web console. This feature allows users instant access to Windows Modern devices using a secure PIN, facial recognition, or fingerprint, mitigating the risks associated with password reuse and vulnerability to phishing attacks. IT administrators gain control over configuration settings, providing a seamless and efficient login experience while strengthening protection against credential theft.

Windows Sandbox Environment

Empowering IT administrators, this feature enables the effortless activation or deactivation of the Sandbox environment for individual devices or groups via the web console with a single click. It safeguards Windows Modern devices during application testing, streamlining security across extensive device fleets. This capability minimizes malware risks and ensures a secure testing environment.

Linux

Package Script Status and Output

Admins can now see the status of scripts associated with the package sent to devices via packages and request the output of executed scripts from the device by enabling the Capture Script Status and Output toggle while sending a script to the device.

Authentication Payload

This functionality empowers administrators to establish password compliance for users, requiring them to set a password that meets specific criteria, ensuring that passwords used on their Linux devices are robust and serve as a crucial initial defense against security breaches.

SOTI Surf

SOTI Surf SSO through SOTI Identity

SOTI Surf now supports single sign-on authentication via SOTI Identity, enabling users to sign-in once and have access to all their essential webapps. This feature provides a more seamless, efficient, and productive user experience within a more secure user verified workflow.

Configure Desktop Mode and User Agent

Administrators can now configure SOTI Surf to render web content in Desktop mode by default, removing the need for users to toggle the rendering mode themselves.

Additionally, administrators can now customize the User-Agent value that is advertised by SOTI Surf to ensure compatibility with websites which have specific expectations about the web browser being used.

Deprecations

SharePoint 2013

With the recent Microsoft announcement to end support for Microsoft SharePoint 13, SOTI Hub has deprecated support for Microsoft SharePoint 13. SOTI Hub will continue to support Microsoft SharePoint Online.

Resolved Issues

MCMR-33383 

SOTI Identity users were unable to view and edit Profile permissions  

MCMR-34116 

Profiles were stuck on ‘Pending Install’ status on certain Zebra devices 

MCMR-31498 

Improved performance for phone call profiles with multiple phone numbers 

MCMR-32331 

Improved overall web console performance  

MCMR-34820 

Packages were not loading correctly within profiles 

MCMR-35354 

Logging out of Azure shared device using the device action in the web console did not work 

MCMR-33498 

Profile assignment failing due to previously configured package installation date not being updated. 

APIs 

The following REST APIs were introduced in MobiControl 2024.1.0: 

Export and Import Profiles Improvements 

  • Request the export of given profiles and packages
  • Download the zip archive of profiles and packages given the export session reference ID
  • Retrieve a summary of the packages associated with a given set of profiles
  • Cancel an import session given the session reference ID
  • Start an import session given the import session ID
  • Request the import of a zip archive of profiles and packages 

File Sync Policies 

  • Request the list of all File Sync Policies
  • Request to download the CSV of File Sync Policy listing summary
  • Request to email File Sync Policies summary listing
  • Retrieve the list of logs for the specified File Sync policy
  • Get the count of information, warning, and error logs for the specified File Sync policy
  • Disable the specified File Sync policy
  • Assign the specified File Sync policy to target devices and device groups
  • Retrieve assignment information for the specified File Sync policy
  • Create a new File Sync policy
  • Update the specified File Sync policy
  • Retrieve details of the specified File Sync policy
  • Delete the specified File Sync policy
  • Get the list of Root Folders along with their information
  • Retrieve details of the specified folder and its subfolders
  • Get the list of all files in the specified location along with their information
  • Create a new Folder at the specified location
  • Update the name of the specified file or folder
  • Upload files to the specified folder
  • Download the specified file
  • Delete the specified file or folder 

Reports 

  • Retrieve the list of all Schedules for a specified Report
  • Retrieve details of the specified Report Schedule
  • Create a new Report Schedule
  • Update a specified Report Schedule
  • Update the specified Report Schedule based on the defined action type
  • Delete the specified Report Schedule
  • Enqueue a scheduled report
  • Retrieve the list of logs for the specified Report Schedule
  • Get the count of information, warning, and error logs for the specified Report Schedule
  • Retrieve the list of all clear reports
  • Import a clear report
  • Get parameters for the specified report
  • Retrieve the list of all Queued Reports with status
  • Enqueue a specified report
  • Dequeue the specified Queued Report
  • Download the specified Queued Report
  • Cancel the specified Queued Report
  • Restart the specified Queued Report 

Data Collection Policy 

  • Retrieve the list of all Data Collection Policies
  • Download the CSV of Data Collection Policy listing summary
  • Email Data Collection policy summary listing
  • Retrieve the list of logs for the specified Data Collection policy
  • Get the count of information, warning, and error logs for the specified Data Collection policy
  • Disable the specified Data Collection policy
  • Assign the specified Data Collection policy to target devices and device groups
  • Retrieve the assignment information of the specified Data Collection policy
  • Create a new Data Collection policy
  • Create a new Data Collection policy for Apple devices
  • Update the specified Data Collection policy
  • Update the details of the specified Apple Data Collection policy
  • Retrieve details of the specified Data Collection policy
  • Retrieve details of the specified Apple Data Collection policy
  • Delete the specified Data Collection policy 

Device Relocation Policy  

  • Retrieve the list of all Device Relocation Policies
  • Download the CSV of Device Relocation Policies summary listing
  • Email Device Relocation policy summary listing
  • Retrieve the list of logs for the specified Device Relocation policy
  • Get the count of information, warning, and error logs for the specified Device Relocation policy
  • Disable the specified Device Relocation policy
  • Assign the specified Device Relocation policy to target device groups
  • Retrieve the assignment information of the specified Device Relocation policy
  • Create a new Device Relocation policy
  • Update the specified Device Relocation policy
  • Retrieve details of the specified Device Relocation policy
  • Delete the specified Device Relocation policy 

Telecom Expense Management Policy

  • Retrieve the list of all Telecom Expense Management Policies
  • Retrieve details of the specified Telecom Expense Management policy
  • Disable the specified Telecom Expense Management policy
  • Delete the specified Telecom Expense Management policy
  • Create a new Telecom Expense Management policy
  • Update the specified Telecom Expense Management policy
  • Download the CSV of Telecom Expense Management Policy listing summary
  • Email Telecom Expense Management policy summary listing
  • Get the count of information, warning, and error logs for the specified Telecom Expense Management policy
  • Retrieve the list of logs for the specified Telecom Expense Management policy
  • Assign the specified Telecom Expense Management policy to target devices and device groups
  • Retrieve the assignment information of the specified Telecom Expense Management policy
  • Retrieve the list of all Telecom Plans
  • Get details of a specified Telecom Plan
  • Create a new Telecom Plan
  • Update a specified Telecom Plan
  • Delete a specified Telecom Plan
  • Retrieve a specified schedule
  • Create a new schedule
  • Update the specified schedule
  • Delete the specified schedule 

Email Servers 

  • Retrieve the list of all the email server logs
  • Retrieve the list of all the email server log count 

Cloud Link Agent  

  • Retrieve the List of Cloud Link Agents
  • Retrieve the details of the specific Cloud Link Agent
  • Creates a Cloud Link Agent.
  • Deletes the specific Cloud Link Agent.
  • Renews the configurations for a specific Cloud Link Agent 

Enterprise Resource Gateway  

  • Retrieve the List of all Enterprise Resource Gateway
  • Retrieve the details of specific Enterprise Resource Gateway
  • Deletes the specified Enterprise Resource Gateway
  • Downloads the extendible file of Enterprise Resource Gateway Setup File
  • Retrieve the Logs for the specific Enterprise Resource Gateway
  • Retrieve the count of information, warning, and error logs for the specific Enterprise Resource Gateway
  • Retrieve the details of all Exchange Devices in the Enterprise Resource Gateway
  • Deletes the specified list of exchange devices from the Enterprise Resource Gateway
  • Updates the details for specific Enterprise Resource Gateway 

Printer Administrative Server 

  • Retrieve the List of Printer Administration Servers
  • Retrieve the details of the specific Printer Administration Server
  • Creates a Printer Administration Server
  • Updates the specific Printer Administration Server
  • Deletes the specific Printer Administration Server
  • Downloads Printer Administration Server client certificate
  • Regenerates the client certificate for specific Printer Administration Server
  • Fetches the certificate details for specific Printer Administration Server
  • Scans the devices connected to the specific Printer Administration Server
  • Downloads the Printer Administration Server log file
  • Retrieve Management Server Logs for specific Printer Administration Server
  • Fetches the count of Logs in specified Printer Administration Server 

Servers and Logs 

  • Retrieve the logs for all Management Servers
  • Retrieve the logs for a specific Management Server
  • Retrieve the count of information, warning, and error logs for all Management Servers
  • Retrieve the status of the specified Management Server
  • Retrieve the count of information, warning, and error logs for the Specific Management Servers
  • Deletes the specified Management Server
  • Retrieve the status of the specified Deployment Server
  • Retrieve the logs for all Deployment Servers
  • Retrieve the logs for a specific Deployment Server
  • Retrieve the count of information, warning, and error logs for all Deployment Servers
  • Retrieve the count of information, warning, and error logs for the Specific Deployment Servers
  • Deletes the specified Deployment Server
  • Generates the Debug report
  • Downloads the Requested Trace log 

Bulk Action Limits 

  • Retrieve the Bulk Action Limits for a specified user
  • Retrieve the Bulk Action Limits for a specified role
  • Retrieve the Bulk Action Limits for a specified user group
  • Updates the Bulk Action Limits for a specified user
  • Updates the Bulk Action Limits for a specified role
  • Updates the Bulk Action Limits for a specified user group 

Zebra LifeGuard OTA 

  • Retrieve the list of devices currently scheduled for firmware upgrade