15.6.2 SOTI MobiControl Release Notes Build 1015 | March 13, 2023

Release Highlights

XTreme Hub on Linux

Administrators can now enroll Linux devices as XTreme Hubs. XTreme Hubs enable faster deployment of files and packages from the SOTI MobiControl server to the managed devices. As an intermediary between the SOTI MobiControl deployment servers and the Android or Windows Mobile/CE devices, Xtreme Hub reduces the bandwidth load on the network connection between the server and the devices. Note that Xtreme Hub functionality is available only to SOTI MobiControl customers who have purchased the SOTI Premium Plus or Enterprise Plus Service.

Improved Antivirus Details for Android Devices

We’ve added more information to the Antivirus details section of Android devices, like scan results, scan duration, and antivirus version, to help users with a more complete picture of their antivirus status. Please note, when MobiControl is upgraded, the old antivirus data is not migrated to be displayed. New data will be shown after the first time the user performs the device scan and updated with every scan after.

Revamped FileVault Experience for macOS

MobiControl Web Console users can now decrypt the Personal Recovery Key (PRK) escrowed from macOS devices within the MobiControl Web Console. Users need specific permissions to view the decrypted PRK or download the encrypted PRK in Web Console. The PRK can be rotated for security reasons, on demand, or on a schedule defined from under Advanced Configurations. MobiControl administrators have access to three new reports, providing information on administrative aspects of PRK access, lists of devices with PRK with an inactive PRK encryption certificate, and lists of devices that require further action before PRK can be decrypted.

Manage ‘USB Restricted Mode' for macOS Ventura

Administrators can now allow USB devices to connect to macOS machines without device user approval/authorization, which is restricted by default in all macOS devices using Ventura or later.

Delay Updates for macOS

MobiControl now allows administrators to delay the availability of OS and non-OS updates and upgrades for enrolled devices from the Feature Control payload.

Manage Software Updates for macOS

Besides managing the delay to the updates, the administrators can now define the mechanism the devices should be following for checking, downloading, and installing of updates.

Upgrade Considerations

  • If you are using an older version of the Cloud Link Agent (CLA) (e.g.,1.x, 2.x ,3.x or 4.0), you must upgrade to CLA 4.1. Before upgrading, you must uninstall the older version of CLA. If CLA 4.1 is not set up with SOTI MobiControl 15.6.0, any operation or functionality related to LDAP and AD CS will not work.
  • If you are upgrading to SOTI MobiControl 15.6.0 and above, .NET Runtime 6.0 and ASP.NET Core Runtime 6.0 must be installed with all critical updates on the host server before you proceed with running the SOTI MobiControl installer.
  • If you are installing or upgrading to SOTI MobiControl 15.6.0 and above on a multi-server setup then port 13131 needs to be open for outbound communication from the Management and Deployment Servers to the server where the primary MobiControl Signal Service is hosted.
  • If you are upgrading from an older version of SOTI MobiControl (15.5.0 and before), “GetDeviceGroupConfiguration” and “ApplyDeviceGroupConfiguration” APIs will require “Configure Devices/Device Groups” permission. This permission is automatically assigned to SOTI MobiControl Administrators, SOTI MobiControl Technicians and SOTI MobiControl Viewers roles. Custom roles must have the “Configure Devices/Device Groups” permission granted manually.
  • If you are upgrading from an older version of SOTI MobiControl (15.5.0 and before), “GetDeviceGroupConfiguration” and “ApplyDeviceGroupConfiguration” APIs will require “Configure Devices/Device Groups” permission. This permission is automatically assigned to SOTI MobiControl Administrators, SOTI MobiControl Technicians and SOTI MobiControl Viewers roles. Custom roles must have the “Configure Devices/Device Groups” permission granted manually.

On upgrading from a version of MobiControl less than 15.6.0 to version 15.6.0 or higher the following impacts will be observed:

  • Functions to add, modify and remove roles are no longer accessible within the SOTI Identity console.
  • SOTI Identity roles that appeared in MobiControl as SOTI Identity user groups will be removed as part of the upgrade.
  • SOTI Identity users and groups that were mapped with SOTI Identity roles will be listed directly in MobiControl with the same permissions that those users and groups previously inherited from SOTI Identity roles.

As a result of the above impacts, you may also have to recreate roles in MobiControl and associate them with the correct SOTI Identity users and groups. If you were using SOTI Identity for device side authentication through Add Device rules or Enrollment policies, or if you had mapped SOTI Identity user groups in the MobiControl Shared Device configuration, you must remap these in MobiControl after upgrading. Click here for a detailed explanation on these changes.

  • For the updated configurations required for the new features to be deployed to the targeted devices, customers that already have a FileVault configuration deployed on their enrolled macOS devices will have to edit and reassign their profiles after making the required changes to the FileVault configuration. You can find the detailed procedure to edit and perform the re-assignment of profile/configuration is mentioned in our help documentation.

  • When MobiControl is upgraded to 15.6.2, old antivirus data on Android devices will not be migrated to be displayed in the new detailed Antivirus section. Instead, this section will be blank until the user performs a new device scan after MobiControl is upgraded to populate the antivirus fields in the device details pop-up.

Deprecations

Changes to Device API Endpoints

As part of a future release, targeting September/October 2023, we are updating the API endpoints /devices, /device/search, and /device/{deviceid} to remove the device property ‘PasscodeEnabled' for macOS due to Apple not supporting it for these devices. After the future release, ensure you are working with the most recent versions of these APIs to avoid any business impact.

Resolved Issues

MCMR‑30866 Packages were getting stuck in Pending install state indefinitely
MCMR‑31261 Web console components functioned incorrectly when using the Turkish language setting
MCMR‑31661 Files bypassed XtremeHub and synced directly through the deployment server
MCMR‑31861 Actions on a single profile were triggering other scheduled tasks in multiple profiles
MCMR‑31898 Antivirus scan report was incorrectly displayed in UNIX time format
MCMR‑31904 Zebra OEMConfig app pushed the entire schema each time the managed App Config policy was saved
MCMR‑31999 Special characters in the script name were preventing profile installation in Task Scheduler
MCMR‑32045 Lockdown profile management with large number of templates had performance issues in chromium based (Chrome and Edge) browsers
MCMR‑32071 Profiles were stuck in a Pending Install state on Windows Modern devices
MCMR‑32237 Packages could not be deployed to devices and post install scripts did not trigger when using /packages/v2 API
MCMR‑32395 Package Studio file header changes were not retained when the project file was reopened for editing for printers
MCMR‑32673 Administrators could not Configure L2TP VPN payloads for macOS devices when all the VPN settings were pre-filled

15.6 Build 1018 on September 19, 2022