State Policies provide advanced device-side evaluation capabilities that allow administrators to detect conditions directly on devices, such as whether a device is inside a geofence, out of contact, returning a specific script result, or meeting custom criteria. These states can be referenced in Signal Policies, Compliance Policies, search, dashboards, and are tracked over time. State Policies help organizations accelerate troubleshooting, strengthen compliance, and increase automation through real-time condition monitoring.
Signal now supports group-level aggregation that allows administrators to trigger a single alert when a defined number of devices in a group meet the same condition. This prevents alert flooding, improves situational awareness, and accelerates resolution of sitewide outages and incidents.
Aggregation-based monitoring allows actions to trigger only when conditions persist or occur repeatedly within a defined time window. This reduces noise, highlights true fleet-wide issues, and helps teams focus on meaningful problems that require attention.
Deployment Center now provides a centralized view of all profile, policy, and file synchronization jobs with real-time progress updates, scheduling visibility, and filtering capabilities. Administrators can reschedule deployments and quickly identify conflicts or failures. This improvement enhances visibility, accelerates troubleshooting, and improves coordination across teams during largescale rollouts.
This update introduces a customizable unlock experience for authenticated lockdown, allowing users to securely log out directly from the unlock screen and enable fast device handoff in authenticated lockdown environments. This enhancement helps organizations improve operational efficiency, reduce IT intervention, and deliver a consistent and polished user experience across shared devices.
Administrators can now customize Windows operating system (OS) image deployments with disk partitioning, driver selection, and deployment-specific configuration options. This enhancement supports flexible and efficient provisioning by enabling tailored partition layouts and component inclusion directly from a golden image. This improves scalability, reduces manual post deployment steps, and ensures devices arrive optimized for their specific operational roles.
This update introduces centralized firmware update management for major Windows device OEMs, allowing administrators to deploy BIOS Firmware updates remotely and at scale. It streamlines update workflows, supports scheduled deployments, and ensures consistent firmware versions across device fleets. This functionality boosts device reliability, enhances security posture, and significantly reduces manual intervention for IT teams.
A comprehensive security dashboard now provides real-time insights into malware detections, scan results, and device health across Windows Modern environments. Administrators can now analyze threats by severity, source, type, and status to support faster mitigation and compliance requirements. The enhanced visibility strengthens proactive defense, reduces exposure to threats, and enables informed security decision-making.
Administrators can now deploy and manage iOS apps using Apple’s Declarative Device Management (DDM) capabilities, enabling devices to proactively maintain compliance and manage their own app state. This reduces network load, improves performance at scale, and accelerates device readiness. Organizations benefit from more reliable app deployment, stronger policy enforcement, and improved operational efficiency.
SOTI MobiControl now provides secure, high-performance connectivity for macOS devices through its integrated Virtual Private Network (VPN) solution. It eliminates reliance on third-party VPN tools, simplifies deployment, and optimizes bandwidth through split tunneling. Organizations benefit from stronger security, reduced complexity, and more efficient management of expanding macOS fleets.
Migration of Apple devices between SOTI MobiControl instances or from third-party Mobile Device Management (MDM) platforms is now supported, while preserving apps, configurations, and security controls. By ensuring devices are fully configured before Setup Assistant completes, it prevents security gaps and minimizes user disruption. This streamlined migration experience reduces postmigration support needs and ensures devices remain secure and operational throughout the transition.
SOTI MobiControl introduces a labeling system for profiles, policies, and other artifacts, enabling structured organization, filtering, and bulk operations. Administrators can categorize items by team, region, workflow, or purpose to improve discoverability and reduce errors. This capability enhances clarity and streamlines day-to-day configuration management in large environments.
This update introduces a centralized Script Management page that consolidates all scripts and their references into one unified view. Administrators can now search, filter, audit, and manage script relationships more easily, with stronger integrity controls that prevent editing or deletion of referenced scripts. This streamlined experience enhances governance, reduces overhead, and improves operational clarity.
SOTI MobiControl now enables role-based permissions at the individual script level, including None, Read Only, and Read and Write access levels. This strengthens governance by restricting access to sensitive or high-impact scripts while enabling broader delegation for routine tasks. Organizations managing complex or multi-tenant environments benefit from improved security controls, reduced risk, and greater operational efficiency.
SOTI MobiControl now enables role-based permissions at the individual artifact level for Policies and Enterprise Apps, including None, Read Only, and Read and Write access levels. This capability strengthens governance by restricting access to sensitive items while enabling broader delegation for routine administrative tasks. Organizations now benefit from improved separation between environments, enhanced security controls, and improved operational efficiency across different deployments.
This feature lets administrators halt profile deployments in real time, preventing further distribution of incorrect or undesired configurations. It helps reduce downtime, avoid largescale rollbacks, and supports faster delivery of corrected updates. With immediate intervention capabilities, teams gain better control and responsiveness during profile rollout cycles.
This enhancement now expands the Profile Change Approval workflow to include package and assignment updates, giving administrators a complete view of requested changes. Side-by-side comparisons and audit logging improve validation and reduce the risk of accidental deployments. This feature improves governance, accuracy, and confidence in high impact configuration changes.
SOTI MobiControl now adds bulk deletion of profiles and commonly used policies, supported by safeguards, exception lists, and audit logging. Administrators can quickly remove outdated configurations while ensuring accuracy through automated checks and warnings. This significantly reduces cleanup time and improves overall system hygiene.
The new Notification Center consolidates alerts, requests, system messages, and news into a single, easily navigable hub. Users can filter by date, priority, or status, access linked Signal policies for Alerts, and act on approvals more efficiently. This unifies operational visibility and accelerates responses to critical events across SOTI MobiControl.
This feature introduces device evaluated attributes for inactivity and disconnection, enabling automated actions, even offline, based on real-time conditions. It helps optimize device utilization during idle periods, supports automated maintenance, and reduces operational overhead.
SOTI MobiControl now expands Signal capabilities with support for additional events, macros, and properties to enable broader automation coverage. New supported events include Device Renamed and Device Deleted, while new macros include IP Address, OS Version, MAC Address, and Personal Name. A new property, Failed Password Attempts, is also now available within Signal policies.
This update streamlines Signal policy creation through dynamic filtering of categories, device families, conditions, and actions. It eliminates incompatible selections and ensures administrators can build valid policies quickly. The improved workflow reduces configuration time, improves accuracy, and enhances overall usability.
An enhanced API documentation portal with an all-new UI delivers categorized navigation and advanced search. With improved authentication flows and access controls, developers can build integrations faster and with fewer support dependencies. This enhances usability, accelerates onboarding, and strengthens workflow integrations.
This feature introduces OAuth-based Microsoft Entra application support for sending outbound email notifications from SOTI MobiControl, replacing soon to retire Basic Authentication. It ensures continuity of critical workflows like alerts, system notifications, and exports while aligning with Microsoft’s modern security standards. Organizations benefit from improved reliability, stronger authentication, and long-term compatibility with Microsoft 365.
SOTI MobiControl now enables administrators to define and manage multiple File Sync root paths directly within the web console, without requiring support assistance. This feature supports both local and network paths, offering greater flexibility for distributed file repositories. This enhancement accelerates workflows, increases customer autonomy, and reduces IT overhead for on-premises customers with diverse storage environments.
This update enables administrators to fully edit both existing and newly imported packages directly within the SOTI MobiControl web console, eliminating the need to rely on the legacy Package Studio. Administrators can now modify files, scripts, and versions with improved visibility through new saving and publishing progress indicators. This feature boosts efficiency, simplifies cross-instance workflows, and ensures consistent package management across environments.
Generic SCEP configurations now allow multiple certificate templates to use the same Certificate Authority (CA) identifier. This enables administrators to create multiple certificate templates in MobiControl under a single CA configuration, simplifying certificate management and removing the need to create duplicate CAs for different device or use-case requirements.
Administrators can now review and approve enrollments for Windows Classic Desktops/Servers, Windows Classic VPN Server, and Windows Classic SOTI XTreme Hub, ensuring that only authorized devices are enrolled and that configurations are applied only after approval.
SOTI MobiControl now enables administrators to automate device password change reminders with configurable skip limits, ensuring users update their device passwords within defined security timelines. It helps reduce password related vulnerabilities, strengthens compliance, and lowers IT overhead by eliminating manual follow-ups. The result is a more secure and efficient device security experience across Android deployments.
SOTI MobiControl now enables administrators to assign delegated administrative permissions to Android applications directly through App Policies, removing the need for scripting. It simplifies setup by providing a single, intuitive interface to grant or block permissions for Managed Google Play and Enterprise apps. The update enhances efficiency, reduces errors, and makes advanced permission management accessible to all IT teams.
This feature provides administrators with the ability to include multiple CA certificates in a single Wi-Fi payload, ensuring devices stay connected during certificate transitions. It supports seamless phased migrations by allowing authentication with both existing and new certificates. This reduces service disruptions, minimizes IT workload, and strengthens secure connectivity across large device fleets.
This update introduces network aware download control, enabling administrators to specify which network types are allowed for app downloads. It helps optimize deployment speeds, limit data costs, and ensure downloads occur only on approved, secure networks. By aligning downloads with business priorities, organizations improve predictability, reduce administrative oversight, and enhance overall deployment efficiency.
This feature allows administrators to upgrade the Gmail Android Enterprise binding to use the company domain email. This transition is seamless, with zero impact on existing devices. It will allow for stronger security, better IT compliance, and enables the management of multiple enterprises through a single domain account.
Administrators can now centrally manage Safari settings on iOS, iPadOS and macOS devices using SOTI MobiControl configuration profiles. This feature provides seamless deployment of corporate bookmarks, homepage settings, and browsing controls, ensuring a consistent and compliant experience across the Apple ecosystem. It helps users access key corporate resources faster while improving policy enforcement and reducing support requests.
This feature now allows administrators to manage local macOS user accounts directly from the SOTI MobiControl web console. It streamlines password resets, privilege updates, and account lifecycle tasks, reducing the need for manual intervention on individual devices. This improves operational efficiency, strengthens security, and helps maintain a consistent user environment across the macOS fleet.
This update introduces Account Driven Enrollment for iOS and macOS, allowing users to enroll devices using Managed Apple IDs and integrated identity providers. The capability simplifies onboarding for both COPE and BYOD scenarios by reducing manual setup steps and aligning enrollment with modern Apple workflows. It improves clarity, enhances user experience, and accelerates deployment across diverse device environments.
With this new feature, administrators can now run pre and post install scripts as part of macOS enterprise application deployments. This enables automated environment checks, configuration tasks, and cleanup actions without the need for third party packaging tools. The functionality helps increase deployment reliability, reduce manual workload, and ensure consistent configuration across devices.
This update introduces advanced declarative app and package management for macOS, giving administrators precise control over app deployment, updates, and configuration. It supports version pinning, secure Managed App configuration, and detailed installation reporting to maintain consistency and strengthen security. The feature empowers organizations to streamline IT operations while offering users a modern, self‑service experience.
This update allows administrators to simplify Account Driven User Enrollment by enabling automatic hosting of the required discovery file within SOTI MobiControl. The feature also provides fallback URL support, ensuring reliable enrollment even when the organization’s primary domain is unavailable. It reduces manual hosting effort, increases enrollment success rates, and improves automation across Apple deployments.
This feature helps organizations securely route app specific traffic on iOS and iPadOS using SOTI’s native Per-App VPN client. It centralizes configuration within SOTI MobiControl, eliminates third-party VPN dependencies, and enhances performance through selective tunneling. Customers gain stronger security, simplified management, and reduced licensing costs across mobility deployments.
Bootstrap tokens for macOS devices are now automatically escrowed to the MDM server during enrollment, aligning with Apple’s recommended approach. Previously, bootstrap token configuration required manual enablement through Advanced Configurations. With this update, newly enrolled devices automatically escrow their bootstrap token, and existing enrolled devices will also have their tokens escrowed to the server, ensuring consistent availability across managed macOS devices.
This update introduces support for Windows 11 multi app kiosk profiles, allowing administrators to configure approved applications and design guided user experiences using Microsoft’s Cloud Solution Provider. This feature helps streamline kiosk deployments, reduce reliance on scripts, and strengthen security through centrally managed restrictions. It enables consistent, task focused workflows across retail, healthcare, education, and other shared device environments.
This update expands peripheral visibility across device groups, enabling administrators to view connected and disconnected peripherals such as printers, scanners, keyboards, mouse, and cameras directly from the Peripherals tab within Group Details. With search, status filtering, and export capabilities, organizations can now gain clearer insight into peripheral adoption and performance.
This feature lets administrators safely revert to problematic Windows updates and schedule patch rollbacks directly from the Platform Updates Dashboard. The update helps reduce downtime and improve visibility by enabling markers for failed uninstallation and detailed reporting for rollback actions. It strengthens patch management workflows and improves compliance tracking across Windows Modern devices.
This feature provides administrators with the ability to update the Windows Modern agent independently from server releases, enabling faster delivery of agent specific fixes and improvements. With direct agent downloads available in the SOTI MobiControl console, teams can quickly resolve issues without waiting for full platform upgrades. This increases agility, enhances troubleshooting capability, and improves operational efficiency.
With this new feature, administrators can now easily inject custom JavaScript into specific URLs within SOTI Surf for Windows to adjust rendering behavior or automate repetitive actions. This functionality empowers administrators to optimize web workflows such as autologin, screen navigation, or display adjustments without modifying the underlying web application. By enabling tailored script execution, organizations can streamline web-based tasks, improve usability, and reduce reliance on external browser tools.
Support for Symantec Certificate Authority (CA) has been removed in SOTI MobiControl 2026.1.0. Before upgrading, administrators must remove any existing Symantec CA configurations. Customers are encouraged to migrate their certificate workflows to a supported provider such as DigiCert CA. For more information, see this article.
The following REST APIs were introduced in SOTI MobiControl 2026.1.0:
MacOS metadata extraction for app policy
Fetching CVE details for an update
| MCMR‑38894 | The devices-per-page preference set in the web console was not retained after the server restarted, causing the setting to revert to the default value on the next login. |
| MCMR‑38895 | Device group tree expansion and sidebar width preferences set in the SOTI MobiControl web console were not retained after the server restarted, reverting back to default on the next login. |
| MCMR‑39692 | User attribute columns (such as Username and Email) could not be sorted or filtered in the Devices view because the sort icon was missing from those columns. |
| MCMR‑39897 | The German translation for “Ports” in the SOTI MobiControl Linux Agent for Ubuntu devices was incorrect. |
| MCMR‑39969 | Report downloads intermittently failed with a network error. |
| MCMR‑40119 | Remote Control session reports displayed negative duration values because session start and end times were recorded in reverse order. |
| MCMR‑40187 | The Deutsche Telekom mobile network (country code 901, network code 40) was not available as an option in APN configurations, and any manually added entries were removed after a SOTI MobiControl upgrade. |
| MCMR‑40585 | The maximum length allowed for policy names in Japanese was too restrictive, as the character limit did not correctly account for multi-byte Japanese characters. |
| MCMR‑40639 | Importing a CSV file for Android device group relocation failed when device group paths contained Unicode characters, returning an 'Invalid Destination Path' error. |
| MCMR‑40653 | An error occurred when attempting to search for or select app bundle IDs while building iOS profiles that require app names, such as Single App Mode or Home Screen Layout payloads. |
| MCMR‑40657 | Profiles went missing from the web console after upgrading the SOTI MobiControl server. |
| MCMR‑40736 | A profile assigned with a future deployment schedule remained inactive and did not activate at the scheduled time, even though the assignment appeared to be completed successfully. |
| MCMR‑40773 | An error was displayed when attempting to save an 'Enterprise Name' filter under Policy Filter Criteria, and the filter was not saved. |
| MCMR‑40832 | The Default column view was not visible to some SOTI Identity users in the web console, even when those users had the same permissions as users who could see it. |
| MCMR‑40843 | The Manual Device Relocation report displayed timestamps that were offset from the actual time of relocation. |
| MCMR‑41039 | APN configurations were not delivered correctly to devices, preventing cellular connections from being established as configured. |
| MCMR‑41040 | Applications installed through an App Policy were removed from iOS devices upon unenrollment, even when the 'Remove App When Device is Un-enrolled' option was disabled. |
| MCMR‑41041 | The search filter applied in the Device Details tab was cleared when navigating between devices using the previous and next arrows. |
| MCMR‑41070 | Application package versions could not be deleted from the web console after upgrading, as all checkboxes in the package version list were greyed out and not selectable. |
| MCMR‑41169 | The %ALERT% macro was no longer available in Signal Policies, preventing administrators from retrieving device location coordinates in alert notifications. |
| MCMR‑41178 | Deployment Server queue length grew excessively when File Sync policies targeted SOTI Xtreme Hub devices, causing performance degradation across the environment. |
| MCMR‑41187 | Attempting to regenerate an expired certificate for a Windows Modern enrollment rule returned an error and the certificate was not regenerated. |
| MCMR‑41292 | When entering text during device actions such as Send Message or Send SMS, Japanese and Chinese keyboard input duplicated each character typed on iOS and Android devices. |
| MCMR‑41304 | iOS App Policy configurations took an excessive amount of time to load the list of applications and their icons. |
| MCMR‑41321 | In a multi–Management Server configuration, Management Server 1 incorrectly redirected connections to Management Server 2 after a server reboot, instead of maintaining its own server address. |
| MCMR‑41351 | Compliance policies showed as 'Unknown' or 'Non-Compliant' on Windows Enterprise IoT LTSC devices immediately after enrollment, because the platform was not recognized as a valid Windows Enterprise edition. |
| MCMR‑41454 | The Norway Telavox mobile network (country code 242, network code 15) was not available as an option in APN configurations, and any manually added entries were removed after a SOTI MobiControl upgrade. |
| MCMR‑41466 | After upgrading, S/MIME signing was activated on iOS devices even when the S/MIME option was disabled in the Exchange ActiveSync configuration payload. |
| MCMR‑41475 | When a new version of an application package was deployed, users and their associated permissions from the previous version were removed and required manual reassignment. |
| MCMR‑41576 | After relocating an iOS device to a group no longer targeted by an App Policy, applications were removed from the device but continued to show as 'Uninstalled' in the web console rather than reflecting the correct status. |
| MCMR‑41643 | URLs containing a question mark character could not be added to Windows Modern Multi-App Kiosk configurations, as they were not accepted as valid URLs. |
| MCMR‑41659 | Selecting 'Mark All as Read' in the web console Announcements section did not persist, and unread notifications reappeared immediately after the action. |
| MCMR‑41710 | SOTI MobiControl server upgrades failed during the Management Service upgrade step for some server configurations. |
| MCMR‑41734 | After upgrading SOTI MobiControl, LDAP authentication stopped working on Windows Mobile/CE devices, causing users to receive authentication failure errors. |
| MCMR‑41765 | An incorrect Japanese translation was displayed in the iOS Feature Control profile. |
| MCMR‑41875 | An incorrect Japanese translation was displayed in the Windows Modern App Restriction profile. |
| MCMR‑41906 | When an App Policy assignment was removed from a Filter Group, the target device count for other unrelated App Policy assignments was incorrectly reduced. |
| MCMR‑41919 | User log exports from the web console were limited to 1,000 rows even when more log entries existed, preventing access to the complete log dataset. |
| MCMR‑41988 | Profile configuration tabs took an excessive amount of time to load when the profile included a wallpaper image. |
| MCMR‑42028 | Custom reports tracking screen time and app usage displayed inaccurate date and time data. |
| MCMR‑42068 | An inconsistent Japanese translation was used for the 'Location' data point in the web console. |
| MCMR‑42092 | Saving a Certificate Authority configuration failed when the certificate's Subject field exceeded the allowed column length, displaying a save error in the web console. |
| MCMR‑42175 | Donut charts in the web console displayed data proportions inaccurately, with small percentage values appearing as oversized segments. |
| MCMR‑42194 | The German translation of the 'Open' button in the Android agent app catalogue was incorrect. |
| MCMR‑42238 | fter performing an Enterprise Reset, SOTI MobiControl did not request a new Android Enterprise token during re-enrollment, causing the Managed Google Play account configuration to be lost. |
| MCMR‑42247 | The Network Restrictions values shown under the Profile Assignment tab did not accurately reflect the settings that had been configured. |
| MCMR‑42283 | When assigning a profile to users with multiple Directory Service Group Name criteria, no scrollbar was displayed in the assignment dialog, making it impossible to view or edit criteria that extended beyond the visible area. |
| MCMR‑42287 | Windows Modern devices did not consistently report as online in the web console after upgrading, even when the devices were enrolled and connected. |
| MCMR‑42309 | When a profile was removed from a device, other unrelated profiles that had custom attribute filters applied incorrectly changed their status from 'Installed' to 'Pending Install'. |
| MCMR‑42323 | When a keyword search filter containing a plus sign was applied in the Devices view, the resulting CSV export did not reflect the filtered device list. |
| MCMR‑42395 | Profile lists were not sorted alphabetically by default, and column-header sorting applied by the user was not retained when navigating away and returning to the page. |
| MCMR‑42417 | The Manage Android Agents menu failed to load after upgrading SOTI MobiControl, displaying an error that no compatible agents were found. |
| MCMR‑42427 | The Applications tab for newly enrolled devices was blank and displayed no installed applications. |
| MCMR‑42431 | On iOS devices without a physical SIM card inserted, duplicate eIMEI values appeared in both IMEI fields, and the ICCID field displayed 'Unknown'. |
| MCMR‑42454 | SOTI VPN lost connectivity when the device's network changed or the device was restarted, and the VPN did not automatically reconnect. |
| MCMR‑42467 | When per-app SOTI VPN was active, some applications stopped routing traffic through the VPN tunnel while the VPN connection itself remained active. |
| MCMR‑42492 | CIDR notation and host IP ranges could not be entered in the network firewall configuration, returning an 'invalid IP or IP range' error even for valid entries. |
| MCMR‑42527 | Addressed an issue where SOTI Surf unexpectedly redirected to the default website after logging in instead of returning to the initiating application. |
| MCMR‑42544 | Bulk device group actions failed when the device group folder hierarchy contained Japanese folder names. |
| MCMR‑42628 | App Policy release track selections reverted to the default value after saving, even when a non-default release track had been selected. |
| MCMR‑42640 | Lockdown Home Screen layouts could not be deleted, as an error indicated the layout was referenced by a lockdown profile even when no such reference existed. |
| MCMR‑42651 | Fixed an issue where tapping a phone number on websites in SOTI Surf did not trigger the call initiation screen. |
| MCMR‑42668 | When the SOTI MobiControl web console language was set to German, the day-of-week abbreviations in date pickers displayed English abbreviations instead of the correct German ones. |
| MCMR‑42697 | Email addresses containing hyphens could not be added to report delivery schedules and were rejected as invalid. |
| MCMR‑42726 | Fixed an issue where the device back button stopped working for in-browser navigation in SOTI Surf. |
| MCMR‑42727 | Custom attributes associated with a large number of devices could not be deleted, returning a reference error even when no visible profile or policy references existed. |
| MCMR‑42735 | Addressed an issue where SOTI Surf crashed when a PDF was reopened within the same session with the Hide Address Bar setting enabled. |
| MCMR‑42798 | Newly uploaded application package versions appeared at the bottom of the package version list instead of at the top, making the most recent version difficult to locate. |
| MCMR‑42879 | Lockdown profile configurations were lost after upgrading SOTI MobiControl, causing affected devices to lose their lockdown settings. |
| MCMR‑42939 | Keyword search in the web console returned incorrect results for certain search terms because some fields were queried using reversed search strings. |
| MCMR‑43236 | The SOTI MobiControl Deployment Server crashed intermittently when processing large device configuration payloads, resulting in an out-of-memory error. |
| MCMR‑43244 | Keyboard mapping configurations made in the Zebra OEM Config profile editor were not saved when the profile was saved. |
