MobileIron Core focuses on MDM, managing devices, and MAM, managing applications on these devices. Nowadays you can also place this under enterprise mobility management, emm for short. In addition, MobileIron Core can be combined with other products to extend its functionality, such as Sentry for secure data transfer and the Secure Workspace Apps including Help@Work, with which, for example, a helpdesk can view the screen of an iOS or Android device from a distance. MobileIron recently released version 10.8.0.0 of its Core with the following changes:
General features and enhancements
This release includes the following new features and enhancements that are common to all platforms.
- Filter users by LDAP OU in device registration, Spaces, and Labels
- Automatic device retirement capability for unused devices
- MobileIron Core banner informing of desktop capability on Cloud
- Shorter certification lifetimes for self-signed TLS certificates
- Mobile@Work self-service user portal customization improvements
- QR code based device registration
- Cascading style sheets and custom background colors
- End User Terms of Service agreements support text and language customization
- Multiple alias and friendly name support for PFX/P12 user certificates
- View Activity displays user device history
Android and Android enterprise features and enhancements
This release includes the following new features and enhancements that are specific to the Android and Android enterprise platforms.
- New Android enterprise work profile mode: With the introduction of Android 11, a new Android enterprise mode of deployment called Work Profile on Company Owned Devices has been added.
- New registration status added to accommodate “Work Profile on Company Owned Devices” for Android 11 devices
- Mobile@Work client no longer supports in-house apps for Managed device with Work profile mode on Android 11 devices
- Support for freeze period in system update
- Advanced Lock Task Features added
- Field name change: The field titled Enter Kiosk Mode Immediately has been changed to Enter Kiosk Mode Immediately on registration.
iOS and macOS features and enhancements
This release includes the following new features and enhancements that are specific to the iOS and macOS platforms.
- GDPR-compliant SIM EID field added to Device Details page
- New field added to Google Account configuration for iOS devices: A new field, Google User’s Full Name, has been added to the Google Account Configuration dialog box.
- Enrollment Customization added: A new option is available in the Apple Device Enrollment profile that gives the option to provide a Custom Enrollment URL for authentication and any custom messaging (corporate messaging, privacy info, etc.) during Apple Device Enrollment.
- Two new distribution options added to configurations: For macOS devices, administrators now have the option to choose to distribute the Wi-Fi and VPN configurations to either the Device Channel (effective for all users on a device) or the User Channel (effective only for the currently registered user on a device).
- Ability to specify individual syncing of Outlook Exchange items added
- New restriction added for iOS 14.0 devices
- New restriction added for macOS 11.0 devices
- New fields added to Device Enrollment Profile
- Skip the Accessibility pane
- Skip the Restore Completed pane
- Skip the Software Update Complete pane
- Disable Wi-Fi MAC address randomization field added: In iOS 14.0, Apple changed the default behavior for a device reporting its Wi-Fi MAC address to report a random address for new connections instead of the device’s actual Wi-Fi MAC address. In Core, a new option has been added to the Wi-Fi configuration to turn off this randomization.
- Authentication using OAuth: For email apps that support authentication using OAuth, the following additional settings are provided in the Exchange configuration: OAuth Sign In URL and OAuth Token Request URL. The settings are visible if Use OAuth for Authentication in the Exchange configuration is enabled.
- AppConfig XML Upload: For an iOS app in the App Catalog, administrators can add a managed app configuration from one of the following:
- AppConfig Community: Use this option if the app has an AppConfig specification in the community repository. This is the default option.
- Upload .xml spec: Use this option to upload an XML schema to push a particular version of app configuration for the app.
- VSP-63003: MobileIron Access registration would fail when a Secure Hypertext Transfer Protocol (HTTPS) proxy server was enabled on the outbound proxy. This issue has been fixed.
- VSP-62993: If there were duplicate Device ID entries for the same mailbox in the Active Sync Association page, status updates in Exchange using Integrated Sentry would fail. This issue has been fixed.
- VSP-62891: The Quarantine Device compliance action was missing an information icon with this message: “Once the device is quarantined, AppConnect apps must be reinstalled on the device before they will work.” This issue has been fixed.
- VSP-62874: There was an issue where Internet Explorer 11 would stop responding when editing and saving an Apple Automated Device Enrollment account. This issue has been fixed.
- VSP-62615: Admins were unable to see supervised macOS devices in the Device Details section of the Devices page. This issue has been fixed.
- VSP-62564: The Mobile Threat Defense (MTD) anti-phishing VPN was not being pushed to devices when MTD was activated through the managed app configuration. This issue has been fixed.
- VSP-62536: As a result of a Core configuration change, event template settings were failing to load. This issue has been fixed.
- VSP-62436: When transferring all licenses for a particular app from one Volume Purchase Program (VPP) location to another, the licenses were not deleted from the old location. The issue has been fixed.
- VSP-62419: When being edited, Android enterprise managed app configurations could show an incorrect value for a configuration key. This resulted from a difference between the order of the configurations in the UI and the database. This issue has been fixed.
- VSP-62300: Previously, when a filter label for a custom attribute was assigned to a device and then removed, MobileIron Core created duplicate audit logs for some API requests. This issue has been fixed.
- VSP-62248: Previously, multi-user log in or log out actions would intermittently time out after 30 seconds. The timeout value has been increased to 120 seconds.
- VSP-62211: There was an issue where forcing an app update for devices with managed app configurations generated an app installation status of “Not Installed.” This issue has been fixed.
- VSP-62166: Removing a label that was applied to both a wallpaper policy and a default policy would incorrectly re-push the wallpaper policy. This issue has been fixed.
- VSP-62154: Previously, the Audit log incorrectly reported that the administrator with the API role rather than the misystem user removed a filter label for a custom attribute. This issue has been fixed. The misystem user is the built-in MobileIron Core user that creates default rules and policies, and executes system maintenance tasks. This user does not appear the Admin Portal and has no assigned roles.
- VSP-62014, VSP-62182: Certificate authentication to the Admin and System Manager portal was blocked when the Certificate Revocation List (CRL) was inaccessible. A new option has been added to control whether to allow or block certificate authentication in this situation. By default, the system will allow the authentication when the CRL is inaccessible. The Core Admin portal will attempt to reconnect with the CRL every 24 hours, and the Core System Manager portal will attempt to reconnect with the CRL every hour. To change the option to block certificate authentication when out of touch with the CRL, contact MobileIron technical support.
- VSP-62002: Previously, there was an issue where labels applied to the AppConnect app would intermittently fail to apply the label to the provisioning profile. This issue has been fixed.
- VSP-61993: Previously, devices would sometimes be incorrectly quarantined after device registration, because data protection/encryption had not yet been enabled on the device. This issue has been fixed.
- VSP-61947: Previously, labels created using custom attributes were not being applied to the devices because labels were not being updated as a part of client check-in. This issue has been fixed.
- VSP-61934: Previously, there were some audit logs that did not display when selected in a search on the Audit Logs page. Application Started and Application Stopped searches were not returning correct results. This issue has been fixed.
- VSP-61893: Previously, when App catalog records were purged, sometimes not all of the necessary files were being deleted. This issue has been fixed.
- VSP-61643: Previously, when context-based logging was enabled, Core would continue context-based logging, even when a different mode was selected. A “Clear” button has been added to Core System Manager > Troubleshooting > Logs > Context based logging page to disable context-based logging.
- VSP-60900: Previously, when a device requested that Core renew its mutual authentication certificate, Core would generate the certificate with the following hard-coded subject, irrespective of what was entered in the Simple Certificate Enrollment Protocol (SCEP) setting Subject field: System Default Mutual Auth SCEP “Mutual Auth Enrollment-$RANDOM_32$”. The issue has been fixed.
- VSP-60303: Previously, the Apps@Work page did not fully display when rendered in full screen on devices running iOS 13.0 through the most recently released version as supported by MobileIron. This issue has been fixed.
- VSP-59576: Apple Push Notification Service (APNS) diagnosis check now goes through HTTP outbound proxy, if configured. Note that unlike prior versions, the test does *not* use the mobile device management (MDM) certificate for the test, so it will not detect Secure Sockets Layer (SSL) failures due to an expired MDM certificate. This issue will be fixed in a future version.
- VSP-52101: Previously, the Core product version was displayed on the login screen, which is visible to unauthorized users. This issue has been fixed.
- VSP-46061: Previously, bulk email notification recipients could see the names of the other recipients in the To field. This issue has been fixed. Core now enters recipient email addresses in the BCC (blind carbon copy) field, so recipient privacy is maintained.