2024.0 SOTI MobiControl Release Notes Build 1075 | October 03, 2023

Note: SOTI MobiControl 2024.0.0 Build 1075 replaces the previous build (1074) posted on October 3, 2023.

Changes to Version Numbering

Going forward, the versioning of all SOTI products is being changed to provide a more consistent label that better reflects the timing of the release. 2024.0 is the next release after 15.6 for SOTI MobiControl, and all following releases will use this numbering convention.

Release Highlights

This release includes the following new features:

Import and Export Profiles

In SOTI MobiControl, you can now export Android profiles and their configurations from one environment and import them into to another. Administrators can leverage this feature to quickly transfer profiles between multiple environments, reducing the need for repetitive manual copying and eliminating the chance of human error.

Single-Sign On (SSO) for Shared Apps

We’ve added support for Mobile SSO for Android and iOS, Imprivata, and Microsoft Authenticator for single sign-on (SSO) for apps on your managed devices.

Microsoft Entra ID Shared Device Mode

You can now use Microsoft Entra ID Shared Device Mode for signing shared device users in and out of Microsoft apps such as Outlook and Teams, as well as 3rd party apps integrated with the Microsoft Authentication Library (MSAL). You can also configure automatic logouts, retain or clear app-specific data after logout, or set conditional access for Microsoft 365 apps to keep shared app access secure.

Imprivata Mobile Device Access (MDA)

Shared device users can now tap their Imprivata NFC-enabled badges to securely and quickly access their Android Work Managed devices and business-critical mobile applications thanks to SOTI MobiControl’s integration with the Imprivata MDA app. Only applications integrated with the Imprivata MDA SDK will be able to SSO via this method.

SOTI Mobile SSO for Android and iOS

This option is for businesses which aren’t looking to leverage Microsoft’s Shared Device Mode or Imprivata’s MDA but are still looking to improve the security and productivity of their frontline workers with SSO. SOTI Mobile SSO is powered by SOTI Identity, where-in SAML and OIDC capable mobile applications are registered, and users authenticated. After an initial sign-on, subsequent authentication challenges are managed without any further user interaction via certificate-based authentication.

SOTI Search

Our Search function has undergone a complete re-design under the hood with our latest release. It now delivers vastly improved searching and indexing speed as well as overall greater reliability. Moreover, customized property indexing delivers even faster results while optimizing resource use.

New Features and Improvements

Microsoft Integrations

Microsoft Entra ID Enrollment Authentication for iOS, macOS and Android Devices

With this feature, users can now directly authenticate iOS, macOS and Android devices upon enrollment using Entra ID (formerly “Azure AD”) without the need to configure Entra ID as an IdP. This streamlines a previous lengthy and potentially frustrating experience into a quick, simple process.

Microsoft 365 Conditional Access - Shared Mode Registration

In MobiControl 15.5.0, SOTI introduced integration with Microsoft to conditionally grant or deny access to Microsoft 365 apps on iOS and Android devices based on the devices' compliancy statuses. This was originally limited to corporately-owned dedicated and BYOD devices – a one-to-one association between device and user. This new improvement no longer requires user to device association, meaning MobiControl can deem a device compliant or non-compliant without affecting the users. Lastly, registration of the device to Microsoft Entra ID (formerly “Azure AD”) will be automatically triggered, removing the need for repetitive manual authorization.

Microsoft 365 App Protection Policy

Admins can now select the specific apps they want to apply Microsoft 365 App Protection Policy to, instead of having to apply to all apps. This is applicable to Android and iOS devices. We’ve also introduced the Access Restriction tab where users can set app access policies for Microsoft 365 mobile applications on the Android platform, such as requiring a PIN or corporate credentials to access the protected apps.

System Administration

Easily View Device Group Level Profile Assignment

You can now see all the Profiles you’ve assigned to a device group without the need for cross-referencing profiles or devices. This information is accessible in the new Profiles & Policies tab when viewing a Device Group or by selecting Profiles & Policies when right-clicking on a Device Group. Users can filter the assigned profiles and policies by device family and quickly access individual profiles and policies by clicking on the accompanying hyperlink.

Support for External Notifications (Webhooks)

MobiControl can now provide real-time external notifications to third party applications via Webhooks. This opens valuable automation opportunities for customers to instantly update their external systems whenever a specific event or condition in MobiControl occurs. Webhooks are triggered via Signal Policies, where users have a wide range of events and conditions to choose from. Users are also able to craft the payload and choose what parameters about a managed device they would like to receive with the webhook notification.

Signal Policy – Custom Data Support

Administrators can now take advantage of custom data pulled from devices to create conditions for triggering Signal Policies. These conditions are supported for the Managed Device category. This feature allows a myriad of new customized conditions which can be configured accordingly to more business specific use cases.

Signal Policy – Apple Platform Support

Signal Policy users are now able to monitor and trigger Signal Policies for Apple devices. Customers deploying iOS, and macOS devices are now able to create complex and customized conditions for triggering automated actions from a wide range of properties and events found across MobiControl.

License Information

You can now access and update License Information directly via clicking License Information in the hamburger menu. Users can also use public APIs to View and Update License information.

Improved User Experience for Rules, Servers and Reports

In this latest update, we've diligently worked to enhance and streamline the user experience on several fronts. Windows Modern Enrollment, File Sync, Data Collection, and Telecom Expense Management Rules are now accessible as Policies. Reports have been integrated into the new-generation user interface. Administration of Cloud Link Agents, Enterprise Resource Gateway, and Printer Administration Servers is now conveniently accessed via Global Settings. Additionally, we've centralized Management Server and Deployment Server logs under System Health for your convenience.

Limit Device Enrollment Per Policy

You can now set a limit on the number of devices that can be enrolled into MobiControl through an Enrollment Policy, providing more precise control of automated enrollment.

Custom Data and Custom Attributes Usage Details

MobiControl users can now view a list of configurations and device groups that a particular custom data or custom attribute is associated with while making changes to that respective custom data or custom attribute.

System Health – Signal Database and Signal Server Status

The System Overview page in System Health has been updated with information for the Signal Database and Signal Servers status. These improvements allow MobiControl administrators to know at a glance the status of the Signal Database and the status of individual Signal Servers so that actions can be taken immediately to remedy any issues found.

Built-in API Client Manager

With this new feature, users are now able to create and manage their own API clients directly within the MobiControl web console. Users can create and configure API clients by simply accessing the new API Client option under the Services tab in Global Settings. Users will be able to create API clients with a few simple clicks and get access to the client credentials information needed to authorize their application.

Authenticate SOTI Identity Users Without Email

Customers are now able to enroll devices and assign SOTI Identity users to devices in MobiControl via a username. This allows customers to skip the process of creating enterprise email accounts for all their end users. These users may be searched for across MobiControl where user search is supported and the associated email or username of the user is displayed in the User Details section of the Device Information panel.

Additional Search Operators

Users are now able to employ the IN and NOT IN search operators when performing a device search or assigning Profiles and Policies. Users may copy and paste multiple comma-separated values or enter strings and numeric values in combination with an IN or NOT IN operator to specify the list of search results they wish to receive. Device Properties, applicable Extended Properties, Custom Data, and Custom Attributes are supported when using these operators.

Notification Panel Enhancements

Users are now alerted that there are new notifications to be read with a red dot indicator on the Notification bell icon. Unread notifications are now distinguishable from read notifications with a blue dot next to each unread notification. The users can now also mark a notification as Read or Unread and have the option to Mute or Unmute notifications. The notifications can now be filtered to view only Read, Unread, or Muted notifications or a combination of the three according to the user’s preferences.

Support for EJBCA

Users can now use Enterprise Java Beans Certificate Authority (EJBCA) in MobiControl, a trusted entity that stores, signs and issues digital certificates. EJBCA also supports Enrollment over Secure Transport (EST) protocol which is a cryptographic protocol that automates the issuance of certificates for public key infrastructure clients that need client certificates associated to a certificate authority. This new feature allows users to deploy EJBCA certificates for Wi-Fi profiles in MobiControl.

Basic Authentication Support for SCEP

With this new feature, users can now use basic authentication with server-side Simple Certificate Enrollment Protocol (SCEP) for the ADCS certificate authority type. SCEP secures the message exchange for the certificate signing request.

Hide Location and Collected Data Tabs

You can now restrict specified MobiControl users from accessing the Location or Collected Data tabs in the Per Device view across your entire device fleet.


Device Inactivity Profile

With this feature, customers can now automate actions to be performed on their Android devices after a set period of inactivity. You have the options to have the device play media or wipe app data after the device has been inactive for the specified period. This feature is only available to Android devices on MobiControl agent 15.4.0 or above.

Zebra LifeGuard OTA Enhancements

With this new enhancement, you can now view the user account currently logged in, reset the user account to log in with another user, and schedule OTA firmware updates to all the devices enrolled in MobiControl. These additional tools will help administrators provide quicker, more efficient results.

View Secondary SIM and eSIM Information

Customers can now view all information related to primary and secondary SIM as well as configured eSIM on the MobiControl web console. With more information available where you need it, you’ll have an easier time making more informed decisions. This feature is only available to Android devices on MobiControl agent 15.4.0 or above.

Automatic Logout on Shared Devices

We’ve added a new feature that enables administrators to configure shared devices so that they automatically logout after a set period of time or a set period of inactivity. This prevents applications that potentially contain corporate or personal information from being accessed by unauthorized users, keeping data secure and private.

Manage App Data on Shared Device Logout

You can now specify what data is retained and what data is wiped on user logout of a shared device. This new feature means greater control over retaining important data while still removing unneeded or potentially sensitive data from devices with multiple users.

Android Enterprise

Enrollment QR Code Generator

MobiControl admins are now able to create Android Enterprise enrollment QR codes directly from the web console. Previously, this feature was only available either through our Stage Programmer app or creation through a third-party QR code generator. With this addition, you are now able to create, save, edit and manage Android enrollment QR codes directly from the Enrollment Policy menu.

Agentless Enrollment Support for Corporate Personal

Agentless enrollment support is now extended to Corporate Personal devices. Admins can now enroll their Corporate Personal Devices via AMAPI, a cloud-based native solution provided by Google that uses new APIs where agent work is handled by Google.

Lockdown Screen Preview

With this enhancement, we’ve added support for a preview section in Lockdown, where admins can see a demonstration of the lockdown screen after selecting the necessary manufacturer and model along with the selected template before assigning it to the device. This makes it easier to ensure the template you’ve chosen is the right one for your device lockdown screen.

OEMConfig via Profiles

In the past, admins that wanted to utilize the power of OEMConfigs on their Android devices needed to deploy an App Policy, add the specific OEM application and then edit the Managed App Config for that application. With this new feature, we have enabled admins to configure OEMConfigs straight through profile configurations for Android Work Managed for the following OEM’s into the 2024.0.0 release: Samsung, Zebra, Honeywell, Panasonic and Datalogic. Admins will simply need to push a profile containing the appropriate OEMConfig payload without having to go through the process to configuring the Managed App Config for the OEM application in App Policies.

Whitelist Apps in Application Run Control

For all Android Enterprise profiles (Work Managed, Work Profile and Corporate Personal), we have enabled the ability for admins to select between configuring a list of blacklisted applications or whitelisted Applications for the Application Run Control configuration. This will ensure that instead of admins having to set a large list of applications to block based on their company's security and compliance policies, they can simply list out the select applications to allow on the device using Android Enterprise profiles, thus blocking user access to all other applications. By using this feature, admins can prevent any confidential information being shared unwillingly with third-party apps.

Phone Call Policy

For Android Classic devices, admins have been able to configure Phone Call policies to set restrictions on incoming and outgoing calls. However, to accomplish this same behaviour on Android Work Managed devices, admins needed to use custom scripts to accomplish the same behaviour. With this enhancement, we have added Phone Calls configuration support within Android Work Managed profiles to configure their organizational policies regarding incoming and outgoing calls on their Work Managed device. Deploying this configuration can increase the productivity of a device user by restricting unauthorized phone calls based on the business' needs.

IKEv1 Android Native VPN Support

MobiControl admins that enroll Android Enterprise devices have access to Android native VPNs that can be configured to secure their network traffic on their devices. In the past, admins had to create custom scripts to configure these native VPNs that were prone to configuration errors. With this enhancement, we’ve added the ability to configure four new VPN types in Android Work Managed profiles: IPSec XAuth RSA, IPSec XAuth Hybrid RSA, L2TP and PPTP. Configuring these native VPNs is easily discoverable through profiles and provides admins an error-free experience.

Profile Scheduling

In the past, when an admin wanted specific profiles or configurations to be active on their Android device for particular days of a given week and inactive for the remainder of the week, they needed to manually apply and revoke those profiles from their Android devices. With the addition of Profile Scheduling on Android, the admin can set a profile to be activated and deactivated from their devices based on a reoccurring weekly schedule that is configured at the time of assignment. This new feature can satisfy use cases such as activating a device lockdown exclusively during work hours, Mondays to Fridays from 9am to 5pm, and removing the lockdown while outside of work hours. In addition to that, admins can set different profiles to be active on different days of the week based on the business needs.


Shared iPad for Business

With Shared iPad for Business, multiple users can share an iPad by having their corresponding app data, files, policies, or mail accounts automatically loaded to the device when they sign in. Each user will have a separate storage partition on the device. Admins will have the ability to remotely delete or log out users. They will also be able to disable temporary sessions, so that only users with Managed Apple IDs can access the Shared iPad resources.

Modernizing Payloads

We’ve added support for various configurations, such as Kerberos ESSO Payload, Cellular Payload, IKEv2 VPN Payload, Lock Screen Message Payload, Per-App DNS Proxy, and Per-App Content Filter, so admins can leverage the fixes and benefits provided by these additional settings. This expanded range of configurations empowers admins to enhance the functionality and security of their systems, ensuring a more comprehensive and tailored experience for their users.


Task Scheduler

Admins can now schedule script execution on macOS devices, eliminating the need for manual intervention and ensuring consistent and reliable task execution. This empowers admins to automate the execution of scripts and, along with the Custom Data feature, you can target devices more efficiently. This feature is only available to macOS devices on MobiControl agent 2024.0.0 or above.

Custom Data

The new Custom Data feature provides you a valuable resource for better identification and targeting of macOS devices by allowing you to define your own searchable custom data sets. Defined custom data for macOS devices can be accessed in the MobiControl web console under Device Listing, Search, as well as under the Assign dialog. This targeted approach allows for more efficient allocation of resources, quicker troubleshooting, and seamless execution of device management tasks. This feature is only available to macOS devices on MobiControl agent 2024.0.0 or above.

Activation Lock Management

Admins can now bypass Activation Lock for enrolled macOS devices from within MobiControl via device action or manually on the device. This enables the swift transfer of devices to users and reduces device downtime. For security purposes, the Activation Lock Bypass Code for each device is stored in encrypted format and can only be viewed on the MobiControl web console by authorized individuals once they have the required permissions.

Recovery Lock Management

This new feature adds the capability of setting and resetting the Recovery Lock password from the MobiControl web console. This capability empowers organizations with an additional layer of protection by controlling the Recovery Lock password centrally and ensuring that only authorized individuals can access and make modifications to the device recovery.

Manage Disconnect Settings for Agent

You can now prevent device users from disconnecting from the MobiControl agent via the Disconnect button and potentially disrupting critical business operations. Admins can choose whether the Disconnect button is visible to users of the macOS MobiControl Agent from the MobiControl web console.

Restrict Changes to Login and Background Items

Login Items and Background Items are new features introduced in macOS Ventura. They provide users with the capability to manage and control which applications and processes run during the device startup and in the background. Device users may intentionally or unintentionally prevent critical applications and processes, including the MobiControl Agent, from running on their devices. With this release of the agent, admins can selectively disable the ability to change Login and Background Items and ensure the integrity and availability of critical applications and processes.

Erase All Content and Settings

With the introduction of Erase All Content and Settings (EACS) support for macOS devices, admins can securely and efficiently wipe all data and settings from macOS devices when necessary, using the legacy WIPE device action enhanced to support EACS. With just a few clicks, devices can be returned to their original factory state, ensuring data privacy and security. This capability streamlines the device reset process, saving time and effort for admins.

Software Updates Card UI Revamp

With the revamped UI of the Software Updates Card for macOS devices, admins can view their information in a more an intuitive way. The new interface offers a streamlined way review available updates, providing greater clarity on the updates and making it easier to make informed choices.

File Sync Policies are now supported for macOS

File Sync policies created for the Apple platform can now be assigned to macOS devices. With the new macOS support, administrators can now choose scripts to use (applicable for macOS only) while configuring file sync policies for Apple device family.


Linux Remote Lock

Administrators can now remotely lock and secure their Linux-based devices. This new feature renders the Linux device inaccessible to unauthorized users and serves as a valuable anti-theft measure. Access control mechanisms ensure that only authorized users or administrators can trigger the remote lock, enhancing the security of Linux devices and protecting your sensitive data. This is available in CentOS 8 and Ubuntu.


Windows Modern Enrollment Policy

We’ve migrated the Windows Modern Add Device rule to Enrollment Policy in MobiControl to support all the enrollment options available in the new front-end user interface of the Windows Modern device enrollment workflow.

Support Microsoft Entra Join Enrollment for MobiControl Cloud Customers

We’ve added a new enrollment type for our MobiControl Cloud customers to enroll their Windows Modern devices via Microsoft Entra Join (formerly “Azure AD Join”) Cloud Enrollment. This enrollment type was already available for on-premises instances but now it is also available for cloud instances. Entra ID Join is one of the methods for enrolling a Windows device into MobiControl – when the user signs into the device using Entra ID credentials, the device automatically enrolls into the MDM. We have implemented and published the MobiControl application in Entra ID cloud infrastructure which acts as trusted broker to facilitate Entra ID Join for MobiControl cloud customers.

XtremeHub Support for Windows Modern

In the past, when transferring large forms of business-critical content across a fleet of Windows Modern devices, this would cause a performance load on the MobiControl deployment server, resulting in the delayed distribution of files when the server is responsible for multiple tasks. With this enhancement, we are adding support for Windows Modern devices to be configured to receive content through XtremeHub enabled devices rather than the deployment server. Until now, only Android and Windows Classic devices could use the power of XtremeHub in association with content distribution.

Expanded Support for Multi-App Kiosk Mode

The Multi-App Kiosk Mode payload, previously known as Assigned Access: Configurations, is a great way to restrict a Windows Modern device users' access to a set of pre-defined applications, specified by the admin at the time of assignment. With this enhancement, we have added support for multiple users and user groups to be assigned to a single Multi-App Kiosk Mode payload, without the need to create duplicate payloads for multiple user accounts. Users that are part of local groups, AD groups, and Azure AD groups can be configured to be restricted to a Multi-App Kiosk Mode when they log in. Also, we have added support for the admin to specify a particular application to auto-launch once the device is logged into, further securing the device from unwanted access.

Firewall for Windows Modern

Previously, for admins to configure the Windows Defender Firewall for their MobiControl enrolled Windows Modern devices, they were forced to apply configurations through Group Policy or configure the firewall directly on the device. With this enhancement, we have provided the ability for admins to configure Firewall Settings and Firewall Rules payloads to set up their Windows Defender Firewall settings on their Windows Modern devices based on their business requirements to prevent unauthorized connections to their enterprise network.

Transition to Microsoft Edge and Application Auto-launch Support for Lockdown

Till now, the Lockdown payload on Windows Modern devices relied on an out-dated rendering engine based on Internet Explorer, meaning that many webpages and applications were not natively supported as they became incompatible with Internet Explorer. With this enhancement, we have updated the Lockdown payload to adopt a Microsoft Edge rendering engine, fit for any modern application and use case. Additionally, we have added support for home screen items to be selected to auto-launch when the device logs in. Combining this with the ability to set login options to auto login, this creates a seamless experience for any kiosk application of Lockdown to fully secure a Windows Modern device.

Configure Password Complexity for Windows Modern Devices

Password Complexity enables customers to configure complex passwords that are strong and difficult to breach. Previously, customers could not set criteria for complex passwords in the authentication payload or choose similar passwords for work and personal accounts, making their company devices more susceptible to phishing attacks and security breach. The Password Complexity feature prevents any unauthorized attempts to the customers device by utilizing the key capabilities of this feature.

BitLocker Keys

Administrators can now conveniently access BitLocker recovery keys through the MobiControl web console. This enables them to quickly provide the recovery key to the authorized device user in the event it is required by BitLocker.

Task Scheduler

Admins can now schedule script execution on Windows Modern devices, eliminating the need for manual intervention and ensuring consistent and reliable task execution. This empowers admins to automate the execution of scripts and, along with the Custom Data feature, you can target devices more efficiently. This feature is only available to Windows Modern devices on MobiControl agent 2024.0.0 or above.

Out of Contact Scripting

Admins can now configure automated script execution on Windows Modern devices when the device is out of contact for a specified period, eliminating the need of manual execution of scripts, ensuring consistent and reliable task execution when the device is out of contact. This empowers IT administrators to automate the execution of scripts. This feature is only available to Windows Modern devices on MobiControl agent 2024.0.0 or above.

Block USB and Serial Ports on Windows Modern Devices

You can now block USB and serial ports on Windows Modern devices, minimizing risk of data leakage and unauthorized access of devices. Admins can configure feature control profiles to specify the USB and serial ports to deny access to. This feature is only available to Windows Modern devices on MobiControl agent 2024.0.0 or above.

PowerShell Script Status and Output

Admins can now see the status of PowerShell scripts sent to devices via Send Script action and request the output of executed scripts from the device. By enabling the Capture Script Status and Output toggle while sending a script to the device, admins can take full advantage of this new feature. This feature is only available to Windows Modern devices on MobiControl agent 2024.0.0 or above.

Windows CE 8.0 Support

We’ve added support for devices with the Windows CE 8.0 OS to MobiControl, expanding the available options for supported operating systems.

Zebra Printers

Macros in Wi-Fi Authentication Settings for Printers

While configuring the Security settings for Zebra Printer Wi-Fi configurations, the username field in the authentication section had to be hardcoded. This led to IT admins wasting a lot of time and effort to update the username for every printer. Users can now use macros for the username field, where the username can be set to the printer’s Device Name or the Device Serial number dynamically.


Multiple Tabs in Kiosk Mode

We’ve added the ability to add multiple tabs in Kiosk Mode to access other URLs. Admins can configure this feature from the web console.

Open Same Tab for Same URL

Admins can now configure links to reopen the same previously open tabs. With this toggle on, device users can navigate back to a previously opened tab and resume their work by clicking on the same link. If the tab is already open, no new tab is opened after clicking the link.

Automatic Authentication for Website Certificates

You can now to specify a list of URL patterns that Surf can use to automatically select client certificates, reducing manual effort for your admins.

SOTI Settings Manager

Configure Mobile Data Access Points

Admins can now configure whether device users can access device settings, and enable or prevent those users from managing their APNs.

Manage Device Security

Admins can enable users to manage their own device security, including the ability to change their device PINs or password from Settings Manager.

Manual Sync with SNTP Server

User can now sync their device's date and time with the data from SNTP servers if the device does not sync automatically.

Toggle for Flashlight

You can now toggle the permission to enable users to use their device’s flashlight.

Customise Access to Sections

You can now configure what sections of Settings Manager device users can access. You can even specify a section outside of the main screen as the default landing screen.


Microsoft Products

In MobiControl version 2024.0.0 and above, we will no longer support the following OS versions. These versions will be deprecated as Microsoft has already ended the support for them and they have reached the end of their lifecycle:

  • Windows Mobile 2003
  • PPC 3.0
  • PPC 4.20
  • PPC 4.21
  • CE 3.0
  • CE 4.1
  • CE 4.2
  • Windows 2000
  • Windows Server 2003, Windows Server 2008
  • Windows XP, Vista

Server Action Scripts in File Sync Rules

In MobiControl version 2024.0.0 and above, we will be deprecating the ability to use server action scripts within File Sync rules. If you are currently using server action scripts in your File Sync rules in MobiControl versions prior to 2024.0.0, you will be impacted by this change upon upgrading to MobiControl 2024.0.0 or above. Actions that were previously executed by server action scripts must be migrated to a different method within your existing File Sync rules. Refer to this SOTI Pulse article for more details.

Samsung E-FOTA in Global Settings

In MobiControl version 2024.0.0, we will be deprecating the ability to use Samsung E-FOTA and its related functionalities as it was deprecated by Samsung in July 2022. It has been replaced by Samsung Knox E-FOTA One and will eventually be integrated in MobiControl. Customers can use Samsung Knox E-FOTA to manage firmware on MobiControl enrolled devices on the Samsung Knox Admin Portal until it is available in the MobiControl web console as a single pane-of-glass approach.

Self-Service Portal in MobiControl

In MobiControl version 2024.0.0 and above, we have deprecated the ability to access the Self-Service Portal (SSP) via MobiControl. If you are currently using SOTI XSight, you can continue to use SSP through XSight by entering your domain URL in the browser followed by ‘/ssp’ (https://server.domain.tld/ssp, where server.domain is your SOTI server domain). If you do not have SOTI XSight installed, SSP will be unavailable.


The following new REST APIs are included in this release:

  • Android
    • Fetch android application icon from Google Content library
  • Zebra LifeGuard OTA
    • Reset the currently logged in OTA account with new account
  • Directories
    • Return a list of configured LDAP directories and Microsoft Entra ID directories (formerly “Azure AD”) directories using only custom Azure applications. Additionally, Azure application type parameter can be used to return the Entra ID directories with default Azure applications.
    • Return a list of configured Entra ID directories using only custom Azure applications. Additionally, Azure application type parameter can be used to return the Azure directories with default Azure applications.
  • License Information
    • Fetch license information
    • Update license information using registration
    • Update license information using offline activation
  • Webhooks
    • Create a new Webhook in MobiControl
    • Get all the Webhooks in MobiControl
    • Get Webhook Details in MobiControl based on the Reference ID
    • Delete Webhook in MobiControl based on the Reference ID
    • Update Webhook Details in MobiControl based on the Reference ID
    • Update Webhook Status in MobiControl based on the Reference ID
    • Test a Webhook in MobiControl
    • Create a new Basic Webhook Credential in MobiControl
    • Create a new ApiKey Webhook Credential in MobiControl
    • Create a new None Webhook Credential in MobiControl
    • Get Webhook Credential Details in MobiControl based on the Reference ID
    • Delete Webhook Credential in MobiControl based on the Reference ID
    • Update Basic Webhook Credential Details in MobiControl based on the Reference ID
    • Update ApiKey Webhook Credential Details in MobiControl based on the Reference ID
    • Update None Webhook Credential Details in MobiControl based on the Reference ID
  • Device Group Profiles and Policies Cards
    • Get Profile Digest info for a device group
    • Retrieve details for all application policies assigned to a device group
    • Return the list of all Device Relocation Policies for a specified device group
    • Return the list of all Data Collection Policies for a specified device group
    • Return the list of all Telecom Expense Policies for a specified device group
    • Return the list of all Enrollment Policies for a specified device group
  • Exporting and Importing Profiles
    • Export given profiles and password in a zip file
    • Import given profiles by getting a zip file and a password

Resolved Issues

MCMR-28017 AnyConnect VPN didn’t reconnect to devices after renewing certificates in the web console
MCMR-29849 File Sync was generating .TMP file access errors
MCMR-30918 iOS shared device mode login and logout would timeout and fail to complete
MCMR-31021 The path to the MCDeplSvc.exe service was unquoted in the registry
MCMR-31280 Profile assignment was not working correctly when adding or removing filter criteria
MCMR-31280 Profile assignment was not working correctly when adding or removing filter criteria
MCMR-31726 Custom data granular permissions were assigned incorrectly while editing a custom data
MCMR-31732 Information in the iOS Device Information report CSV file was not aligned properly
MCMR-31749 Some iOS devices unenrolled after upgrading from 14.58 (build 1073) to 15.5.1 (build 1010)
MCMR-32591 Profile assignment sections with large numbers of device groups had loading performance issues for existing assignments
MCMR-32857 Access right permissions could be removed from the Administrators group
MCMR-33287 Scheduled reports and alert events had incorrect SMTP email prioritization
MCMR-33446 The Notes section under device group advanced configurations would cause the web console to slow or freeze
MCMR-33534 Compliance status in CISCO ISE did not match compliance status in MobiControl

2024.0.1 Build 1020 on January 10, 2024