Release notes for 2020 (10.77 - 10.80)

• Custom B2B app updates: MaaS360 allows administrators to automatically pull, distribute, and install custom B2B apps using a VPP token from the previous MaaS360 release. In this release, MaaS360 now allows administrators to automatically push app updates from the custom B2B app store.

  When an administrator or a developer updates the app in Apple App Store Connect, these updates are automatically available to MDM servers that use a configured VPP token. These updates might take up to a day to download from the B2B app store to MaaS360. The apps are pushed to devices based on the auto-update settings that are enabled by administrators in the MaaS360 Portal for iOS. The update mechanism for custom B2B apps is the same as the rules that are set for public app store app updates. Contact IBM Support to enable this feature.

  For more information, see Uploading the Apple VPP token to MaaS360. For more information on automatic app update settings for the App Catalog, see Configuring app settings in the MaaS360 Portal.

• End of support for iOS 10 and earlier device versions: MaaS360 only supports the last three versions of the iOS and macOS operating systems. From this release, MaaS360 will no longer support iOS 10 and macOS 10.12 (Sierra). MaaS360 might not fix operating system-related issues or bugs for these versions. Customers should upgrade their OS to the latest or supported operating system versions.

• Bulk enrollment support for the device account based on Device Owner enrollments: MaaS360 supports the user account and the device account for Android Enterprise enrollments. In previous releases, MaaS360 restricted the number of enrollments allowed per device account to one device. In this release, MaaS360 removes this restriction to allow hundreds of devices to be enrolled per device account. For more information, see Creating enrollment configurations in the MaaS360 Portal.
  Note: Bulk enrollment applies to device account type Device Owner enrollments only: QR code, Zero-touch, and Knox Mobile Enrollment programs. Google limits the number of devices that you can enroll to ten devices per user account.
• Location permission requirements on Android 10+ devices: With the new permission changes in Android 10, users are required to turn on location service and grant location permission to the MaaS360 app. The app displays the configured SSID in the Corporate Settings of the MaaS360 agent and reports the SSID that last connected to the MaaS360 Portal.

  The MaaS360 Kiosk app requires location permission to display wifi networks and Bluetooth devices that are in close range. Devices cannot discover wifi networks and Bluetooth devices until the location service is turned on.

  Note: If the permission is blocked by the policy, the user cannot turn on the location service on the device.

  For more information, see https://www.ibm.com/support/pages/node/5737491.

• Assign an asset number as a device name: MaaS360 adds a new option Prompt for Asset Number in the Device Owner Enrollment workflows that allows the administrator or user who is provisioning MaaS360 on a device to assign an asset number as a custom device name. For more information on assigning a custom device name, see https://www.ibm.com/support/pages/node/5737563.
  Note: This feature applies to device account type Device Owner enrollments: QR code, Zero-touch, and Knox Mobile Enrollment programs. This option is enabled by default if you are using device account-based enrollment.
• Limitations to the size of inline and attached images in Secure Mail: MaaS360 adds support to limit the size of inline images and picture attachments that are uploaded to Secure Mail. When users upload an image that exceeds the maximum inline or attachment limit, MaaS360 displays options (Original, Small, or Medium) that allow users to reduce the size of the image. For more information, see https://www.ibm.com/support/pages/node/5737611.
  Note: When you scale down the image size, the image resolution is also adjusted.
• Notification badge support for MaaS360 Secure Container apps: In previous releases, MaaS360 added notification badge support for all third-party apps in the Kiosk launcher. In this release, MaaS360 extends the notification badge support to MaaS360 Secure Container apps in Kiosk mode. Users can manage badge notifications through the Kiosk settings. For more information, see https://www.ibm.com/support/pages/node/1073822.
• Open and share third-party app data using Secure Viewer, Secure Editor, and MaaS360 Docs: In previous releases, MaaS360 restricted users from using Secure Container apps to access corporate content. In this release, MaaS360 removes that restriction and now allows users to open and share files in Secure Viewer, Secure Editor, and MaaS360 Docs from third-party apps. The MaaS360 Secure Viewer, Secure Editor, and the Docs app work as shared resources for an Android Enterprise enrolled device. For example, users can now edit a Word document in the Files app with Secure Editor and then share the file in the Docs app. When you open a supported file type, Secure Viewer and Secure Editor is displayed in the Open with menu, and MaaS360 Docs is displayed in the Share via menu. For more information, see https://www.ibm.com/support/pages/node/5737617.
  Note: This feature applies to Android Enterprise devices and requires MaaS360 for Android 7.0. In Profile Owner mode, you cannot open or share files in the Personal profile with Secure Container apps.
• Enforce device lock-down on devices that skipped Device Owner enrollment: To discourage skipping of Device Owner enrollment, MaaS360 restricts important features on the device until the device is completely enrolled. When users skip Device Owner enrollment at any stage after the MaaS360 app is installed (or activated) as Device Owner, MaaS360 enforces the following restrictions on the device:
  • Account management: Users cannot access the Google Play Store; or add or delete personal accounts such as Gmail.
  • App management: Users cannot uninstall or install apps from the Google Play Store or from other sources such as Android Debug Bridge (ADB).
  For more information, see https://www.ibm.com/support/pages/node/5737587.
• Updated X-Force® categories that are used for URL filtering: MaaS360 adds the following new categories to the Secure Browser category for URL filtering policies:
  • Cities/Regions/Countries
  • Environment/Climate/Pets
  • Abortion
  • Early Warning
  • Crypto Mining

  MaaS360 removes the following categories from the Unknown category:

  • Cities/Regions/Countries
  • Environment/Climate/Pets
  Note: Administrators can edit or make changes to URLs that are no longer available in the Unknown categories by adding those categories to an allow list in the Persona policies. For example, if you blocked all Unknown categories, and want to allow access to Cities/Regions/Countries, you can now allow Cities/Regions/Countries.

• Enhancements to the patch management workflow: For this release, MaaS360 added new capabilities to the granular patch management workflow that was released in 10.76. These new capabilities include scheduling when the patch management workflow starts, pushing multiple patches across multiple devices, stopping patch distribution at any time, and viewing the status of the patch distributions. For more information, see Distributing OS patches to Windows devices.
• The Update management settings policy now includes settings that allows administrators to configure service channels that specify when and how Windows devices receive quality and feature updates. This policy also includes settings for rolling back those updates. For more information, see Update management settings.
• The Antivirus settings policy now includes new Windows Defender® settings that you can configure on a Windows device, including updates to scan settings and frequencies, advanced settings for detecting malware, and implementation of attack surface reduction rules. For more information, see Antivirus settings.
• Windows DTM to MDM migration: MaaS360 now provides a migration workflow that allows administrators to seamlessly move Windows 10 devices off of DTM to take advantage of the management capabilities provided by Windows 10 MDM. For more information, see Windows DTM to Windows MDM migration.

Improved user interface for Network, Browser Violation, and Mobile Expense Management reports: For this release, the reporting function remains the same for the Network, Browser Violations, and Mobile Expense Management reports, but elements of the user interface were updated. Reports from previous releases are still available in the MaaS360 Portal. Contact IBM Support to access the new reporting user interface. Once this feature is enabled, customers can go to MaaS360 Portal > Setup > Settings > Administrator Settings > Analytics to subscribe to the new reporting user interface.

Each report also offers a detailed report view that contains both chart data and table data. In the chart data, you can view reports as a graph (Bar chart, Pie chart, Line chart,or Area chart). In the table data, you can view device and network details including the device name, user name, platform, home carrier, and current carrier. These details are displayed as column headers in the table data along with an option to apply filters as needed.

For more information on report subscriptions, user interface reporting settings, and detailed reports in the expanded view, see https://www.ibm.com/support/pages/node/6024412.

• Manual refresh support for Google Play Private Channel apps: MaaS360 adds a new option Refresh App Details in the App Summary page that allows administrators to manually refresh private channel app details. With this support, when an update is available in the Managed Google Play store, the app description, version, and icon are displayed in the App Summary page in real-time or within a maximum of four hours. In previous releases, the process took a maximum of seven days for MaaS360 to receive the latest app updates.
  Note: This feature is supported on Android Enterprise apps only.
• Distribute apps at device level for user accounts: MaaS360 adds support to distribute apps at device level through Managed Google Play. In previous releases for the user-level distribution, when a device moved out of a group, app distribution on other devices in that group with the same user was also removed. In this release for the device-level distribution, MaaS360 only removes apps from the device that was removed from the group and does not impact devices with the same user that are already in the group.
  Note: This feature requires the MaaS360 for Android agent 7.0 and is supported on Android Enterprise apps only.
• App wrapping enhancements:
  • When a large number of methods are detected, MaaS360 splits the methods into primary and secondary dex files. In previous releases, MaaS360 displayed an option for administrators to move classes from the secondary dex to the primary dex just in case crucial classes accidentally moved to the secondary dex file. Effective for the 10.77 platform release, MaaS360 removes that additional step where MaaS360 now automatically retains crucial classes in the primary dex file and moves other files to the secondary dex file. Customers who want to use that option can set the continueSplitDex parameter to false. For more information, see Android app wrapping parameters.
  • MaaS360 uses the apksigner tool instead of jarsigner to sign APK files.
    Note: The APK signature becomes invalid if you make changes to the APK file after you sign the app with apksigner.

• Quick Start Setup enhancements in the MaaS360 Portal: For this release, the enhanced Quick Start setup wizard guides you through all the information and steps that you need to set up and configure your MaaS360 account. For more information see, Getting started with the MaaS360 Portal.
• Automatically create end users during SAML-based authentication: MaaS360 allows administrators to create user accounts automatically in the MaaS360 Portal during SAML-based authentication for a user account that does not already exist in the Portal. The user account that is added is listed under the Users page in the Portal. To enable this feature, go to Device Enrollment Settings > Basic > Authenticate using SAML > Enable auto creation of users on SAML authentication. This capability is supported for DEP enrollments on iOS 13 and macOS 10.15 devices, Android, and Windows 10+ devices.
• Updates to the OS Version (Numeric) search attribute in Advanced Search: The Advanced Search conditions in the MaaS360 Portal now support a new operating system search attribute called OS Version (Numeric). The attribute that was previously used is now renamed to OS Version (Numeric) Deprecated. For this release, both attributes are listed under the Advanced Search based on operating system. The OS Version (Numeric) attribute allows administrators to search based on operating system version for any device platform, and supports both the OR and Advanced search criteria.

  The existing attribute is renamed as OS Version (Numeric) Deprecated and any groups that are created based on this attribute continue to exist as before with the changed name. In future releases, the OS Version (Numeric) Deprecated will be removed and groups that are created from the existing OS Version (Numeric) will be replaced with the new OS Version (Numeric). For more information, see Configuring search criteria.

• New Settings Failure Reason search attribute in Advanced Search: The Advanced Search conditions in the MaaS360 Portal now support the Settings Failure Reason search attribute for the Security and Compliance condition. For this search, you can now set Security and Compliance groups based on settings that are configured for the following search criteria: contains, begins with, does not contain, ends with, equal to, and not equal to. For more information, see Configuring search criteria.

User enrollment mode: Apple's managed mode enrollment for employee-owned (BYOD) iOS and macOS devices allowed device-level controls for administrators such as initiating a factory reset, viewing the device serial number, and viewing personal apps on employee devices. These controls caused concerns over data privacy for the employee. Apple now provides the User Enrollment mode, which allows employees to enroll employee-owned iOS and macOS devices. MaaS360 supports the User Enrollment mode on iOS 13+ non-supervised devices. With this feature, administrators manage and protect corporate data on employee-owned devices only. For more information, see User Enrollment Mode.

• New user-less enrollment for Android Enterprise shared devices: MaaS360 adds support for new user-less enrollment which allows administrators to easily enroll Android Enterprise shared devices without attributing those devices to a specific user. MaaS360 skips user authentication during enrollment and initially enrolls the device into MaaS360 in a signed-out state. During the enrollment configuration, if the administrator selects the Userless Enrollment option, all user-specific fields are hidden. For more information, see https://www.ibm.com/support/pages/node/6220936.
  Note: This feature supports the following Android Enterprise DO enrollment modes: Knox Mobile Enrollment, Zero-touch enrollment, and QR code enrollment.
• Tracking managed app configuration feedback in the App Catalog and the Device view: If an administrator subscribes to the app configuration feedback, MaaS360 tracks the status of the app configuration when configuration changes are applied to the app. This feedback displays as a confirmation message that the configuration was successfully applied to the app or as an error message if the app failed to apply the configuration. MaaS360 adds a new column Managed Configuration in the App Catalog and the Device view to track the app configuration feedback. For more information, see https://www.ibm.com/support/pages/node/6220944.
  Note: This feature applies to Android Enterprise PO and DO devices.
• Redesigned Location screens for the MaaS360 agent: The Location screens for the Android agent now provide a list of preconfigured locations, a method for granting permissions, and a method for tracking the checked-in time and distance from the current location to other locations. For more information, see https://www.ibm.com/support/pages/node/6220946.
• Enhancements to the Cross Profile Intent Filter policy for Profile Owner enrollments: Intent filters allow intents from the work profile to access the personal profile and vice versa. In previous releases, with the limited attributes (Action, Category, and Mime Type), administrators were unable to declare intent filters for important tasks that involved attributes such as Scheme. For example, administrators were unable to define intents to allow a Google Chrome page opened in the personal profile to start Secure Mail in the work profile to send a mail with a mailto: URL, because the intent only contained data and no MIME type. For the 10.78 platform release, MaaS360 adds new attributes (Scheme, Authority Host, Authority Port, Path, Scheme Specific Part) to allow administrators to define advanced intent filters. For more information, see https://www.ibm.com/support/pages/node/6220948.
  Note: This feature requires the MaaS360 for Android agent 7.10+.
• Samsung Knox license management: Samsung announced the deprecation of legacy ELM and KLM keys by the end of December 2020 in favor of the Knox Platform for Enterprise (KPE) key. Android Enterprise customers should switch to the Knox Platform for Enterprise (KPE) key using the Knox SDK. MaaS360 adds support for the following three KPE license variants:
  • KPE Standard key (free)
  • KPE Premium key (paid)
  • backwards-compatible key

  For device enrollments and the MaaS360 agent release, MaaS360 ensures that devices running Knox V2.7.1 and earlier receive the backwards-compatible key. Devices running Knox V2.8 and later receive the KPE Standard key. Administrators must configure the KPE Premium (paid) license key at MDM policy > OEM Settings to activate licenses on devices. The KPE Premium key overrides the existing license keys that are already activated on the device. MaaS360 also removes the Configure Samsung Knox License for Samsung devices field from the Device Enrollment Settings workflow to prevent administrators from activating legacy license keys. For more information, see https://www.ibm.com/support/pages/node/6220950.

• New policy to restrict Google apps on allowed domains: MaaS360 now allows administrators to specify which domains are allowed to access Google services such as Gmail and the Google Play Store. When a set of domains are allowed, all Gmail accounts such as personal accounts are automatically blocked. If your organization uses G Suite and enabled G Suite binding with MaaS360, you can use this policy to restrict Google Play Store access to corporate Google accounts only. For example, you can allow corporate domains such as mycompany.org so that personal accounts such as gmail.com are automatically blocked. If you do not specify a domain, users can add and sign in to Google services from any account.
  Note: This feature requires the MaaS360 for Android agent 7.10+. For more information, see https://www.ibm.com/support/pages/node/6220970.
• App wrapping support for apps compiled with the D8 compiler: In the 10.77 platform release, MaaS360 added support for Android apps complied with the D8 compiler. For the 10.78 platform release, customers can now wrap D8-complied apps without passing parameters to the MaaS360 Portal.
• Tracking the status of configured Android Enterprise policy settings and device attributes: The MaaS360 Android Enterprise agent now reports the status of the following configured policies on the Device Summary > Security and Compliance page:
  • Passcode Status
  • Configured Settings (ActiveSync and VPN)
  • Failed Settings
  • Camera Present
• Multi-level folder structure for managed Google Chrome bookmarks: MaaS360 now allows administrators to organize managed Google Chrome bookmarks into folders and sub-folders. Administrators can use a forward slash ( / ) to create nested folders. For example, Books/Fictional/Hobbit creates the bookmark named Hobbit inside the Fictional folder inside the Books folder. For more information, see Browser.
• Modern authentication support for Exchange ActiveSync: Microsoft announced the deprecation of basic authentication for multiple protocols including Exchange ActiveSync. Administrators should switch to the OAuth 2.0 token-based modern authentication to continue with these services. MaaS360 adds the Authentication Mode field in the ActiveSync policy to enable the use of modern authentication for Exchange ActiveSync.
  Note: Google does not support modern authentication. Administrators should configure the Google account with G Suite binding for mail, calendar, and contacts access. To enable modern authentication for Exchange ActiveSync, go to Android MDM policy > Android Enterprise Settings > ActiveSync > Authentication Mode, and then select Modern.
  For more information, see ActiveSync.

• New Microsoft Defender Firewall Settings policy: MaaS360 adds support for Microsoft Defender Firewall settings in the Windows MDM policy. These settings allow administrators to configure Windows Defender Firewall global settings, per profile settings, and also configure a set of custom rules to be enforced on a device. Administrators can also manage non-domain devices, reducing the risk of network security threats across all systems connecting to the corporate network. For more information, see Firewall settings.
• Enhancements to the Custom OMA settings policy: Windows 10 custom profiles use Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings to configure different features that are used by mobile device manufacturers to control features on a device.
  The MaaS360 Custom OMA policy includes many built-in settings that allow you to control different features on devices in your organization. Use this policy when you want to use device settings and features that are not built in to the Windows MDM policy. The policy Help topic provides sample procedures on how to create and remove custom OMA (XML) files from devices.

  Note: This feature is intended for advanced administrators. Contact IBM Support to enable this feature.

  For more information, see Custom OMA settings.
• Local file share support for Windows app distribution: MaaS360 adds functionality to the App Distribution workflow by allowing administrators to host Windows apps on a password-protected file share located on their organization's network.

  In previous releases, the only option available to administrators for distributing Windows apps to devices was that the app publish process always uploaded the app binaries to a MaaS360 (content delivery server) CDN server, and as part of installation, these apps were downloaded by end users onto their devices from the MaaS360 CDN server.

  In the 10.78 platform release, administrators can now host Windows app binaries locally on a password-protected file share on their network. The common credentials used to access the network share by devices are provided as part of the publishing workflow. The devices that need to install these apps, access that file share with the credentials provided as part of publishing workflow and download the app binaries from the local share instead of from the CDN server. This functionality helps reduce internet bandwidth, increases the speed of installation, and improves compliance across all devices.

  Note:

  • MaaS360 only supports EXE, MSI, and BAT files for the local file share publishing process.
  • Windows Universal App Packages (APPX and APPXBUNDLE) are not supported for the local file share publishing process.
  • Windows 7 devices managed by DTM are not supported for the local file share publishing process.
  • The device that is receiving the app must be connected to the organization's network (VPN or intranet). If the device is not connected to the organization's network, app installation will fail on the device.
  For more information, see Downloading Windows apps from a local file share and distributing to devices.
• Unlock developer settings on Windows Universal App Packages: MaaS360 automatically configures some settings in the background on devices to successfully distribute and publish APPX packages on devices. For example, for every APPX app distribution, the Developer settings for the device is changed to Sideload apps on the device, which sideloads an app successfully. MaaS360 takes care of changing these settings during installation and once these APPX apps are installed, the Developer settings on the device revert back to the original settings. For more information, see Adding an enterprise app for Windows.
• Windows Phone end of support: Microsoft has ended support of Windows Phone (8.0, 8.1, 10), new Windows Phone OS builds, and the business app store. MaaS360 no longer allows new Windows Phone enrollments in the MaaS360 Portal. However, existing Windows Phone enrollments continue to work in the Portal. The following settings were added or disabled for the 10.78 platform release onwards:
  • A message explaining that MaaS360 does not support Windows Phone enrollments is displayed if a user tries to access the enrollment URL in the Windows Phone browser, or tries to add the MDM Profile directly from the phone at Settings > Account > Access work or school.
  • On the MaaS360 Portal > Setup > Services page, the Upload Windows Phone Company Hub Certificate option to upload a new or renewed Symantec certificate for Windows Phone was removed from the Mobile Device Management section.
  • The Windows Phone Symantec Certificate Expiration banner was removed from the My Alert Center section on the MaaS360 Portal Home page.
  • The Windows Phone option was removed from Setup > Settings > Device Enrollment Settings > Add Device > Advanced > Select Platform drop-down list.
  • The Windows Phone option was removed from Setup > Settings > Device Enrollment Settings > Add Device > Advanced > Enrollment Programs > Device Platforms allowed to enroll section.

  For more information, see https://www.ibm.com/support/pages/node/6214496.

• App Approval workflow for iOS custom B2B apps: MaaS360 extends the App Approval workflow to custom B2B apps. With this support, administrators can set up quality, security, and compliance checks before B2B apps are promoted to the App Catalog. For more information on the App Approval workflow, see Submitting apps for approval (App Approval workflow).
• App refresh support for iOS custom B2B apps: MaaS360 extends the manual app refresh support to iOS custom B2B apps. With this support, administrators can manually refresh app details to receive the latest app updates in about 5 - 10 minutes. Without app refresh, MaaS360 can take up to 24 hours to automatically fetch the latest app updates.

• Local administrator login settings for Federated single sign-on: The Federated Single Sign-on (SSO) configuration in the Advanced Administrator settings was redesigned for the SAML single sign-on and the corporate user directory single sign-on settings. The new configuration allows existing MaaS360 Portal local administrator accounts to continue to log in to the MaaS360 Portal using their local credentials even if SSO is enabled. This change affects new customer accounts that are created after the 10.78 platform release. For existing customer accounts, the Allow existing Administrators to use portal credentials as well option is not displayed in the MaaS360 Portal going forward. If customer accounts previously saved the Allow existing Administrators to use portal credentials as well option, local administrators can continue to log in to the MaaS360 Portal using their local credentials.
• Enhancements to generating access keys for the web services API authentication token: MaaS360 provides the following access key types for the web services API:
  • MaaS360 Web Services
  • App Access Key
  • Cisco ISE Integration
  For more information, see Auto-provisioning web services.
• Business partners can move customer or business partner accounts within a hierarchy: Only Partner Administrators with the access right Allow movements of accounts within hierarchy can move customer or business partner accounts within a hierarchy. The Primary Administrator can add this access right for the Partner Administrator from the Grant Access Rights page during the Add Role or Edit Role workflow. The Partner Administrator can then use the Move action on the Accounts page that is listed for all customer and business partner accounts in their hierarchy. Using the Move action, the Partner Administrator chooses the new parent partner account, moves the account under the parent account, and then confirms the action.
  Note: This feature is available for business partner accounts only. Customer accounts cannot move accounts within their hierarchy.

• Enhancements to User Enrollment: In the 10.78 platform release, MaaS360 added support for User Enrollment, a new mode of enrollment that is designed for employee-owned (BYOD) devices. For self-enrollments, MaaS360 added corresponding device enrollment settings in the MaaS360 Portal that indicate whether BYOD devices are enrolled through Managed or User Enrollment mode. In this release, MaaS360 adds the following enhancements to User Enrollment:
  • New Enroll using iOS User Enrollment check box added to the Add Device workflow: When administrators create an enrollment request from the Devices > Enrollments > Add Device workflow, they can choose User Enrollment as a device enrollment mode. The new Enroll using iOS User Enrollment check box is available by default to all customers. User Enrollment does not require administrators to pre-configure device enrollment settings before they create the enrollment request.
    Note: A user account with a valid Manage Apple ID is a prerequisite for creating an enrollment request with User Enrollment. When the Enroll using iOS User Enrollment option is selected, Device Ownership defaults to the Employee in the Add Device workflow.
  • Removed MaaS360 authentication prompts to simplify the enrollment experience: In the 10.78 platform release of device enrollment, MaaS360 displayed two authentication screens: MaaS360 user authentication (One Time Passcode, LDAP/AD, or local user) and Managed Apple ID. To provide a seamless enrollment experience, MaaS360 removes the additional layer of the user authentication screen (One Time Passcode, LDAP/AD, or local user) that was displayed prior to downloading the enrollment and configuration profiles, allowing users to complete the enrollment by authenticating against their Managed Apple ID.
  • Supported apps for User Enrolled devices: MaaS360 supports the distribution of user-licensed VPP apps, enterprise apps, and web clips to User Enrolled devices. Device-licensed VPP apps and public iTunes apps are not supported.
• New Managed Apple ID features
  • On the User Summary page, you can now edit the Managed Apple ID field for all types of user records such as Active Directory, LDAP, and Azure AD. For more information, see Adding users in the MaaS360 Portal.
  • On the User Summary page, administrators can now use an email address as a Managed Apple ID without having to enter a Managed Apple ID separately for each user. When you select the User Settings > Basic > Use Email Address as Managed Apple ID setting, the email address of the user is automatically used as the Managed Apple ID in User Enrollment deployments even though the Managed Apple ID field on the User Summary page is blank.
    Note: This feature does not automatically populate the email address in the Managed Apple ID field on the User Summary page.
    For more information, see Configuring user settings in the MaaS360 Portal.
• Viewing the APNS certificate serial number in the MaaS360 Portal: Administrators can now view their APNS certificate serial number directly in the MaaS360 Portal without contacting IBM Support. The serial number is the Apple ID that is used to set up the APNS certificate. You can also change the Apple ID if the Apple ID credential that was previously used for setting up the APNS certificate is no longer available.

• Block App Catalog (managed) apps on non-compliant devices: Apps that are distributed from the App Catalog that use the Enforce Compliance flag are blocked for non-compliant Android Enterprise devices. In previous releases, instead of suspending the apps, MaaS360 displayed an overlay screen to block access to those apps.
  Note: This feature is supported on Android 7.0+ devices and requires MaaS360 for Android version 7.20+.
  For more information, see https://www.ibm.com/support/pages/node/6327145.
• Redesigned user interface and new enhancements for Kiosk mode: The user interface for Kiosk mode was redesigned to improve usability and now provides a cleaner and simpler design. MaaS360 also enhanced app action shortcuts and now provides a sixty second countdown timer for single-app mode. For more information, see https://www.ibm.com/support/pages/node/6327147.
• Lock devices on Device Owner enrollments: To prevent users from skipping device enrollment screens, MaaS360 adds support to lock a device until device enrollment is complete. Administrators issue the lock device action as key-value pairs to the device during Device Owner enrollment configuration. If this setting is enabled, the MaaS360 app automatically launches after the device reboot and device enrollment is resumed. When enrollment is successful, the lock is removed and users can access the device.
  Note: This feature is supported for Device Owner enrollments: QR code, ZTE, and KME, and requires MaaS360 for Android version 7.20+.
• Pass custom parameters to the Device Owner enrollment configuration (JSON) file: MaaS360 now allows administrators to pass custom parameters to the enrollment configuration (JSON) file. Administrators can use the Custom Attributes field in the Android Enterprise QR code, ZTE, KME provisioning window to add up to 10 parameters in the form of key-value pairs. The MaaS360 agent reads these parameters during Device Owner enrollment and issues corresponding actions to the device. In previous releases, administrators manually added the parameters to the JSON file. For more information, see https://www.ibm.com/support/pages/node/6327331.
• Added a new attribute to identify devices by One Lock or Unified Password status: MaaS360 adds a new device attribute One Lock Status in Device Summary > Security & Compliance to allow administrators to track devices that use the same password enabled for both device and work profiles. Administrators can also use advanced search to filter devices based on their unified password status.
• Removal of ActiveSync configuration on selective wipe: When the following actions policy change, selective wipe, and reset corporate settings are taken on a device, the corporate ActiveSync accounts that are configured through policies are automatically wiped from the device. When the selective wipe action is taken, users must reconfigure those ActiveSync accounts.
  Note: This feature is supported on Android Enterprise (PO and DO) modes only and requires the MaaS360 for Android agent 7.20+.
• Samsung Knox Platform for Enterprise (KPE) activation is available to all customers: In previous releases, KPE activation support was rolled out to new customers. Effective from the 10.79 platform release, KPE activation is available to all customers by default and the KPE key is automatically deployed and activated during the MaaS360 agent upgrade or enrollment. For more information, see Samsung License Management.
• COPE (Corporate-Owned, Personally Enabled) mode end-of-life: MaaS360 marks COPE mode for end-of-life with MaaS360 for Android 7.20. MaaS360 does not support new COPE (Corporate-Owned, Personally Enabled) enrollments, and the configuration options to enroll a device in the COPE mode are removed from the MaaS360 Portal. Administrators can regenerate old configuration profile QR codes or JSON files that set the COPE flag to true.
• Behavior on Android 10+ devices when the MaaS360 agent targets Android Q (10) APIs: Android 10 marks the official deprecation of Device Admin mode. Some of the Device Admin policy features are no longer supported on Android 10+ with the MaaS360 app version 7.20+. For more information, see https://www.ibm.com/support/pages/node/6091042.

• Windows 10 Home device enrollment support: As more employees work remotely, organizations are experiencing an increase in the use of Windows Home edition in the enterprise. In addition to supporting Windows 10 (Education, Enterprise, Professional) devices in the MaaS360 Portal, MaaS360 now allows administrators to also enroll, manage, and support software distribution and OS patch management to Windows 10 Home devices.

  MaaS360 adds a new Windows 10 device enrollment workflow that allows device users the option to enroll Windows 10 Home devices or Windows (Education, Enterprise, Professional) devices into the MaaS360 Portal after receiving the MaaS360 enrollment request URL notification that is sent by email or text message from an administrator.

  Windows 10 Home devices are enrolled in the MaaS360 Portal in DTM mode, which uses traditional agent-based management that is normally used for Windows 7, while Windows 10 (Education, Enterprise, Professional) devices are enrolled in MDM mode, which uses modern management capabilities built on the Windows 10 MDM APIs.

  Note:

  • For new MaaS360 Portal accounts, make sure that you enable the Laptop and Desktop Management setting in the MaaS360 Portal at Setup > Services.
  • For existing MaaS360 Portal accounts, this service is already enabled and you can start enrolling Windows 10 Home devices using DTM mode.
  • For Windows 7 devices, contact IBM Support for assistance with enrolling Windows 7 devices in DTM mode.

  For more information, see Windows 10+ device enrollment workflow.

• TeamViewer unattended remote access support for Windows 10 devices: TeamViewer provides remote support (remote view and control) to managed devices from theMaaS360 Portal. The MaaS360 integration with TeamViewer allows you to view or control managed devices as a part of remote support sessions to troubleshoot device issues without needing to travel for in-person support.

  Windows 10 devices are now supported for TeamViewer's unattended access mode of remote support. TeamViewer unattended access mode allows permanent access to remote devices without requiring end-user intervention. This feature is supported for Windows 10 MDM-managed devices only. This feature does not support Windows DTM-enrolled devices.

  For more information, see Sending a remote session request for TeamViewer unattended access.

• New Microsoft Defender Application Guard policy: MaaS360 adds support for Microsoft Defender Application Guard settings in the Windows MDM policy. Application Guard, a hardware-based endpoint defense, is a security tool that is built into Microsoft Edge. Application Guard isolates enterprise-defined untrusted sites from the desktop (host) in a virtual machine (VM) to prevent malicious activity from reaching the desktop. This feature is supported on Windows 10 version 1709 and later.

  With this policy, if a user visits an untrusted site through the Edge browser, the browser opens that site in an isolated Hyper-V enabled container that is separate from the host machine. If the untrusted site that is in container isolation is a malicious site, the host machine is protected and the attacker cannot access enterprise data.

  Application Guard works with the Group Policy where the administrator configures a setting once, and then copies that setting to many computers. For example, you can set up multiple security settings in a GPO, which is linked to a domain, and then apply all those settings to every computer in the domain. Administrators can configure the following policy settings to manage the implementation of Application Guard for the organization:

  • Clipboard behavior and content: Choose what copy and paste actions are allowed for text and images between the user's device and the Application Guard container.
  • Printing from the container: Allows the user to print content (PDF files, XPS files, print from local printers, print from network printers) from the Application Guard container.
  • Camera and microphone access in the container: Allows the Application Guard container to access a device's camera and microphone if those settings are also enabled on the user's device.
  • Retain user-generated browser data: Saves user data (such as passwords, favorites, cookies) that is created during an Application Guard container browsing session.
  • Graphics acceleration: Allows graphic-intensive sites to load video faster by accessing the virtual graphics processing unit or uses the device's CPU for graphics. This setting is supported on Windows 10 version 1803 and later.
  • Download files to the host file system: Allows users to download files from the Application Guard container to the host operating system or keep files local on the device (does not download files to the host file system). This setting is supported on Windows 10 version 1803 and later.
  • Block external content on enterprise sites: Blocks content from unapproved sites from loading or allows non-enterprise sites to open on the device. This setting is supported on Microsoft Edge on Windows 10 Enterprise or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode.
  • Certificate thumbprints: Shares certain device-level root certificates with the Application Guard container. This setting is supported on Windows 10 version 1803 and later, Microsoft Edge on Windows 10 Enterprise, or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode.

  For more information, see Sending a remote session request for TeamViewer unattended access.

• ADMX-backed policy support in the Custom OMA Settings policy: MaaS360 provides a new workflow where administrators can use custom OMA XML configuration files as part of the Windows policy to push Group Policy administrative templates (ADMX-backed policies) to Windows 10 devices. This feature is supported on Windows 10 version 1703 and later.

  An example is provided in the Knowledge Center topic Using the custom OMA settings policy to push ADMX-backed policies to Windows devices that explains how to use the Custom OMA settings policy to create the custom OMA XML configuration file for an ADMX-backed policy, upload that content to the MaaS360 Portal, and then push that policy to Windows 10 devices.

• New patch management restart settings: MaaS360 adds functionality to the Patch Management workflow by allowing administrators to notify users that a restart is required on a user's device after an OS patch is applied to that device.

  Device users are provided an option to either defer the device restart by a setting a specific amount of time (in minutes, hours, or days) in the MaaS360 Portal user interface or opt for the restart immediately. The administrator configures the threshold date for the device restart. Device users have the option to defer the restart multiple times until the threshold date is reached. This deferral provides the user with enough time to continue working and restarting the device at their convenience. For more information, see Distributing OS patches to Windows devices.

• Enhancements to the Windows enterprise app installation success criteria during app upload: MaaS360 adds functionality to the Windows Enterprise App Installation workflow by providing new install criteria options that allow administrators to determine whether a script/job executed successfully on a Windows device. The new install criteria options allow administrators to check for the non-existence of certain registry keys, files, or processes or use exit codes to validate that the script/job executed successfully on the device. In previous releases, the administrator could only determine whether a script/job executed successfully on the device by checking the existence of certain registry keys, files, or processes.
  MaaS360 has updated the Relevance to install success criteria setting during uploads of Enterprise App for Windows apps by providing the following new install criteria options to the administrator: -

  • Administrators can now enter negative install success/relevance criteria for Windows enterprise apps to determine whether an app was successfully uninstalled or removed from a device during an app upload. The negative install success/relevance criteria include the following:
    • Registry key does not exist
    • File does not exist
    • Process not running
    This criteria applies to the following app types:
    • Windows Installers (.msi)
    • Windows Executables (.exe)
    • Windows Scripts (.bat, .vbs, .ps1, .reg, .py)
  • Administrators can now enter exit code based install success criteria, as a numerical value or as a comma-separated list of numerical values, to determine whether an app was successfully uninstalled or removed from a device during an app upload.

For more information, see Adding Windows executable (exe) files.

• Enterprise app support for Work Profile devices: Administrators can now deploy enterprise (corporate) apps to Work Profile (PO) devices. After deployment, administrators can also track the status of the app in the MaaS360 Portal.

  Delete app reviews from the App Summary page: If users provide inappropriate reviews for an app, administrators can now delete all reviews for that app from the App Summary page. For more information, see https://www.ibm.com/support/pages/node/6327333.

• App distribution architecture redesign: For the 10.79 platform release, all customers with a deployment size of 1,000 devices or less are moving to the new redesign of the app distribution architecture. All new customer accounts after the 10.77 platform release were already migrated to the latest redesign. No impact to customers is expected with the migration to the new architecture.

• Deleting an administrator account from the MaaS360 Portal: MaaS360 provides a new Delete action on the Administrators page, which extends the functionality of the Deactivate administrator action. For the Deactivate action, the administrator account is deactivated, but can be reactivated at a later date. Since you cannot assign the username for a deactivated administrator account to another administrator, MaaS360 provides the Delete action which permanently deletes the administrator account. The usernames that are associated with the deleted administrator account are permanently deleted and are available for use by another administrator.

  In the MaaS360 Portal, the Deactivate and Delete actions are listed under the Remove option on the Administrators page. For more information, see Removing administrator accounts from the MaaS360 Portal.

• Limiting the display of user-owned devices that are listed on the User Summary page: The User Summary page displays the details for all active devices that are owned by a user. In this release, the display of user-owned devices in the Owned Devices section is restricted to 10 active devices. For a user account that uses more than 10 active devices, the Click here to view all devices option is displayed. This option accesses search results that display details for all devices that are owned by the user.

Exchange ActiveSync module support for Modern Authentication for Office 365 integration: The Exchange ActiveSync module now supports Modern Authentication for Office 365 integration in response to the announcement that Microsoft is starting to disable support for Basic Authentication in Exchange Online beginning October 2020. These changes affect Office 365 only, not the on-premises version. For more information about this announcement, see https://developer.microsoft.com/en-us/office/blogs/deferred-end-of-support-date-for-basic-authentication-in-exchange-online/.

For Modern Authentication support, the new Cloud Extender Configuration Tool provides a link to Microsoft that explains how to transition to Modern Authentication, and automatically checks whether the administrator has installed the required PowerShell V2 module. If the PowerShell V2 module is not installed, a reminder message notifies the administrator about the upcoming deprecation of Basic Authentication, and provides a link to instructions on how to transition to Modern Authentication.

• Shared iPad for Business: Apple introduced Shared iPad for Education in iOS 9.3 that allowed students and teachers to sign in to Shared iPads with Managed Apple IDs that were created in Apple School Manager (ASM).

  For iOS 13.4, Apple extends the Shared iPad support to enterprises. With this support, administrators use MaaS360 to securely deploy supported iPads in Shared mode. With Shared iPads, multiple employees in an organization can sign in or out of a single iPad with a unique Managed Apple ID that is created in Apple Business Manager (ABM). For more information, see Apple Shared iPad for Business.

• MAC address randomization: iOS 14 devices now use a random Media Access Control (MAC) address for each wifi network (SSID). Administrators use the Disable MAC Address Randomization setting in the MaaS360 iOS MDM wifi policy to disable the randomization of the MAC address and to send the actual MAC address when the device is associating with a network. For more information, see the iOS Wifi policy.

• Work profile on corporate-owned devices (WPCO): The work profile is a secure container that separates work apps and data from personal apps, while maintaining user privacy. In previous releases, you could only set up the work profile on personal (BYOD) devices that were also used for work.

  For Android 11, you can now set up the work profile to secure and separate work data from employee-owned devices to corporate-owned devices. With this support, employees can securely use corporate-owned devices for personal activities without sacrificing privacy. Administrators gain more device-level control with the work profile on corporate-owned devices (WPCO) than with the work profile on employee-owned devices. For example, administrators can wipe the entire device and disallow app installations from unknown sources on the personal profile of the device. This feature requires MaaS360 for Android app 7.30+. For more information, see Work profile on corporate-owned devices (WPCO).

• Changes to the Device Enrollment settings: In previous releases for self-enrolling devices, mixed-mode customers chose either Android Enterprise or activation as the default new device addition mode in the Device Enrollment settings. In this release, MaaS360 redesigned the Device Enrollment settings to use both Android Enterprise enrollment and activation for self-enrollment of devices. For example, administrators can set corporate-owned devices to use activation and employee-owned devices to enroll in Android Enterprise mode. MaaS360 moved the Android Enterprise self-enrollment options from the Basic tab to the Advanced tab in the Device Enrollment settings. For more information, see https://www.ibm.com/support/pages/node/6377908.
• New group and device-level actions for managed Zebra and Bluebird devices that are enrolled in Device Owner (DO) mode: Administrators can remotely issue real-time actions to managed Zebra and Bluebird devices such as Push Profile and Push Custom XML. Administrators can also issue group-level actions to managed Zebra and Bluebird devices such as Copy File and Push OS Upgrade. In previous releases, these actions were supported only on Device Admin devices. This feature requires MaaS360 for Android app 7.30+. For more information, see Push Profile actions to managed Zebra and Bluebird devices.
• COPE (Corporate-Owned, Personally Enabled) enrollments end-of-life: MaaS360 marks COPE mode for end-of-life with MaaS360 for Android 7.20. MaaS360 does not support new COPE (Corporate-Owned, Personally Enabled) enrollments, and the configuration options to enroll a device in COPE mode are removed from the MaaS360 Portal. Administrators must regenerate old configuration profile QR codes and JSON files for COPE flags set to true.
• New group-level action to reboot Android Device Owner (DO) devices: MaaS360 adds a new group-level action to allow administrators to remotely restart multiple devices at once. This feature is supported on Android Device Owner (DO) devices only.
  Note: Users are not notified in advance that their device will be restarted. Any work that the user is working on is lost when the device is rebooted.
  For more information, see Android group-level actions.
• Disabled location tracking on Android Profile Owner (PO) devices: In previous releases, the MaaS360 app automatically granted location permission when Android 11 devices were enrolled in Profile Owner (PO) mode. Users could not revoke the location permission from the MaaS360 settings.

  In this release, MaaS360 no longer automatically grants location permission during enrollment and ensures that permission is only granted when geofencing is enabled. Impact: When location permission is not granted, the MaaS360 app cannot report the last connected SSID to the MaaS360 Portal. This feature requires MaaS360 for Android app 7.30+. For more information, see https://www.ibm.com/support/pages/node/6376386.

• Support for the new Android Enterprise keyguard features: MaaS360 adds new Android Enterprise policy settings to remotely control the keyguard features: face recognition and IRIS recognition. This feature is supported on Android 9.0+ Profile Owner (PO) and Device Owner (DO) devices. This feature requires MaaS360 for Android app 7.30+. For more information, see the Android Enterprise Security policy.
• Cross-profile communication between apps: By default, MaaS360 does not allow communication between apps across profiles. For example, the Google Chrome app in the personal profile cannot communicate with Google Chrome app in the work profile. MaaS360 now allows administrators to use the Allow cross-profile apps setting in the Android Enterprise Security policy to configure apps that support cross-profile communication. This feature is supported on Android 11+ devices only that are enrolled in Profile Owner (PO) mode. This feature requires MaaS360 for Android app 7.30+. For more information, see the Android Enterprise Security policy.
• Package delegation support for Android Enterprise apps: As a Profile Owner (PO) or Device Owner (DO), the MaaS360 for Android app can now grant certain delegations to other apps. Delegated apps are apps that receive additional permissions such as installing existing packages or enabling system apps from the Profile Owner (PO) or Device Owner (DO) apps. This feature requires MaaS360 for Android app 7.30+. For more information, see the Android Enterprise Restrictions policy.
• Display work events in a personal calendar: With cross-profile calendar support, administrators can use the Allow work events on personal calendar setting in the Android Enterprise Security policy to allow the personal calendar to show events from the selected work profile apps. This feature is supported on Android 10+ devices enrolled in Profile Owner (PO) mode. This feature requires MaaS360 for Android app 7.30+. For more information, see the Android Enterprise Security policy.
• Support to collect preboot security logs for Device Owner (DO) and for Work Profile on Corporate Owned (WPCO) devices: MaaS360 adds a new Enable Enterprise Security Logging setting in the Android Enterprise Security policy that allows administrators to track preboot security logs from Device Owner (DO) and Work Profile on Corporate Owned (WPCO) devices. This feature requires MaaS360 for Android app 7.30+. For more information, see the Android Enterprise Security policy.
• Added Samsung system apps to the list of apps that are allowed by default on enrolled Profile Owner (PO) or Device Owner (DO) devices: To select Samsung apps, go to Android policy > Android Enterprise Settings > App Compliance > Configure allowed system apps. In previous releases, you manually added Samsung apps as additional apps in the MaaS360 Portal.
• Enhancements to the Factory Reset Protection (FRP) policy: FRP is a security feature that prevents unauthorized access to a device after a factory reset by locking the device to the Google Play ID that is configured in the device settings. In previous releases, the FRP policy was enabled by default without the knowledge of administrators. When the policy was published, administrators could not unlock FRP on a Device Owner (DO) enrolled device after a factory reset. In this release, MaaS360 disables the Factory Reset Protection policy by default for new customers.

• Scheduling the installation of Windows apps (MSI, EXE, BAT, downloadable files) from the App Catalog: MaaS360 enhances the App distribution workflow by allowing administrators to schedule the installation of apps on end user devices from the App Catalog. After apps are distributed to the App Catalog, administrators can choose which apps to install on end user devices, and specify whether to install those apps instantly on the device or schedule the app installation to start on a specific date and time of day over a staggered period of time to reduce the load on the network.

  In the MaaS360 Portal, administrators can view the details for scheduling the app installation from the App Catalog by clicking More under the app, and then selecting Manage Distributions. Administrators can also view the installation status of an app on a device by selecting the device and then selecting Summary > App Distributions.

  Note: The scheduling option only supports the installation of the following Windows distributed apps on Windows 10 MDM devices: EXE, MSI, BAT, and downloadable files (DOCX, PPTX, JPEG, PNG, XML, INIT). Windows Universal App Packages (APPX and APPXBUNDLE) and Windows devices that are managed by DTM are not supported.

  App installation scheduling options:

  Administrators can now set the following options to schedule the installation of distributed Windows apps from the App Catalog to a Windows device or a group of devices. When the scheduled date and time is set, the app is installed on the device.

  • Start date: Select the date to schedule the installation of the distributed app on a Windows device or group of devices.
  • Start time (0 - 23 hours): Select the local time on the device to schedule the installation of the distributed app to the device or a group of devices. The values include:
    • Immediately
    • 00 (midnight or 12:00 AM) to 23 (11:00 PM)
  • Distribute over (0 - 24 hours): Forces MaaS360 to space out the installation of distributed app binaries to devices over the selected hours to reduce the load on the network. The values include:
    • Immediately
    • 1 to 24 hours
  For more information about scheduling the installation of Windows apps from the App Catalog, see Scheduling the installation of Windows apps distributed to the App Catalog.
• Distributing Windows OS patches to groups of Windows devices: MaaS360 further enhances the Patch management workflow by providing an option that allows administrators to distribute patches to devices in a specific group that are missing the respective OS patch. Administrators continue to use the distribution and restart settings that were introduced in previous releases to distribute patches to device groups.
  Note:

  • If a new device is added to a group after a missing patch was distributed to that group, that device automatically receives the patch distribution.
  • If a default device group has no group-level action taken on that group, then the group will not be displayed to the administrator as active in the device groups list until a group-level action is taken against that group.

• Enhanced dashboards for the Network reports and the Hardware Inventory reports: MaaS360 provides an improved user experience that is available to all customers. The following enhancements are available:
  • Subscription settings were added to the Network reports and the Hardware Inventory reports dashboard page. When you click the Subscription settings option, you are directed to Administrator Settings > Analytics section where you can configure subscription settings for the reports.
  • Report information is displayed in near real-time, where changes in a device's hardware or data are almost instantly updated in the reports.
  • The report dashboard now allows you to click a Table icon to display both chart and table data for the report.
  For more information, see Network reports for MaaS360.
• Near real-time reporting for the Unified Endpoint Management (UEM) Overview reports: Any statistical updates of devices across the platform are also almost instantly updated on the dashboard page for that device. Administrators can now link Managed Apple IDs to the corresponding user record in bulk and send multiple user-enrollment requests at once. MaaS360 also adds minor enhancements to the Enrollments and User Directory List View pages. For more information, see Unified Endpoint Management (UEM) Overview reports for MaaS360.

• Enhancements to the default ownership settings for self-enrolling devices: On the MaaS360 Portal Device Enrollment Settings page, administrators can now define one of following default ownerships for a device during self-enrollments:
  • employee-owned device
  • corporate-owned device
  • prompt user for ownership of the device

  In previous releases, administrators could only use the Prompt user for ownership option. If that option was not selected, device ownership would default to corporate-owned. For more information, see Configuring directory and enrollment settings in the MaaS360 Portal.

• End User Portal (EUP) now displays the Platform Serial Number and Operating System Version on the Device View page: If users have more than one device with the same device name, the Platform Serial Number uniquely identifies the device. The Operating System Version displays the current version of the operating system on the device. For more information, see Viewing privacy information in the End User Portal (EUP).
• Enhancements to the Device View Summary page: The following enhancements were added to the Device View Summary page to allow administrators to easily view and access the device summary details in the MaaS360 Portal:
  • The device details drop-down on the Device View Summary page now splits across two columns to allow administrators to easily view and access details about devices.
  • The device details drop-down on the Device View Summary page now stays on the screen even if the cursor moves away from the screen. This function allows administrators to easily click the Device Summary option to view the details about a device.
  • A horizontal scroll bar was added to the Device Inventory page in the Device View grid when the number of columns in the grid exceeds the grid table size. In previous releases, the grid would auto-compress the columns to fit in the grid table where you could not read the details. With horizontal scrolling available in the Device View grid, administrators can now customize the number of viewable columns in the grid and also easily scroll to view all device details.
    Note:

    • The horizontal scroll bar displays only if the number of columns in the grid exceed the grid table size.
    • These enhancements do not change the functions of the device detail summary.
• Customizing the inactive session timer for an administrator login session: To allow administrators to continue working in the MaaS360 Portal without having to log in again due to session inactivity, MaaS360 adds the Logout administrator sessions option on the Administrator Settings > Advanced page. Use this setting to customize the allowed administrator session inactivity time. The current allowed maximum duration of session inactivity is 2 hours and the allowed minimum of session inactivity is 15 minutes, with a default allowed minimum session inactivity of 30 minutes. When you customize the time duration of session inactivity, a 2 minute timer is displayed during a logged in inactivity session. This timer is displayed 2 minutes before the allowed session inactivity duration along with an option that allows the administrator to either log out or to extend the current session. The allowed maximum session inactivity timer will be increased in a future release. For more information, see https://www.ibm.com/support/pages/node/6373530.
• Enhancements to the iOS user-enrollment feature: Administrators can now link Managed Apple IDs to a corresponding user record in bulk and send multiple user-enrollment requests at one time. For more information, see https://www.ibm.com/support/pages/node/6377916.
• MaaS360 Portal user interface elements now display in gray: The user interface elements in the MaaS360 Portal now display in gray based on feedback from a survey provided to administrators on improving user experience in the Portal. The color change applies to the color of check boxes, grids, and calendars in the Portal. This enhancement impacts the color displayed on the user interface elements in the MaaS360 Portal only. This color change does not affect the Portal workflows. For more information, see https://www.ibm.com/support/pages/node/1103397.
• MaaS360 M1 and M3 Platform using Akamai's Kona technology: For the 10.80 release, the MaaS360 M1 and M3 Platforms will start using Akamai's Kona technology, which is an industry-leading web application firewall (WAF) and distributed denial-of-service (DDoS) protection solution. Akamai's Kona technology guards MaaS360 applications against the largest and most sophisticated attacks. Akamai's Kona technology delivers proprietary rule sets and detection logic honed from Akamai's experience and investment in defending against the latest cyberattacks. For more information, see the following MaaS360 announcements:
  • MaaS360 M1 Akamai Kona Technology details at https://www.ibm.com/support/pages/node/6347900
  • MaaS360 M3 Akamai Kona Technology details at https://www.ibm.com/support/pages/node/1283566
• The IBM MaaS360 Product Suites are deprecating support for TLS v1.1 on 04 December 2020. For more information, see https://www.ibm.com/support/pages/node/6361797.

• Cloud Extender 2.102.x (released 31 August 2020)
  • Exchange ActiveSync module support for Modern Authentication for Office 365 integration: The Exchange ActiveSync module now supports Modern Authentication for Office 365 integration in response to the announcement that Microsoft is starting to disable support for Basic Authentication in Exchange Online beginning October 2020. For more information about this announcement, see https://developer.microsoft.com/en-us/office/blogs/deferred-end-of-support-date-for-basic-authentication-in-exchange-online.

    For Modern Authentication support, the modern Cloud Extender Configuration Tool now provides a link to Microsoft that explains how to transition to Modern Authentication, and automatically checks whether the administrator has installed the required PowerShell V2 module. If the PowerShell V2 module is not installed, a reminder message notifies the administrator about the upcoming deprecation of Basic Authentication, and provides a link to instructions on how to transition to Modern Authentication.

• Cloud Extender 2.103.x (released 09 December 2020)
  • Certificate Integration module support for the Cisco EST certificate enrollment protocol: The Certificate Integration module now supports the Cisco EST (Enrollment over Secure Transport) certificate enrollment protocol. For more information about how to configure the Cisco EST certificate template that integrates with Cloud Extender, see Cisco EST integration.
  • Email Notification module support for Modern Authentication for Office 365 integration: The Email Notification module now supports Modern Authentication for Office 365 integration in response to the announcement that Microsoft started to disable support for Basic Authentication in Exchange Online that began in October 2020. For more information about this announcement, see https://developer.microsoft.com/en-us/office/blogs/deferred-end-of-support-date-for-basic-authentication-in-exchange-online/.

    For Modern Authentication support, the new Cloud Extender Configuration Tool provides an option to choose the preferred authentication method as Basic Authentication or Modern Authentication. If you select Modern Authentication, you must enter the Tenant ID and the Client ID that you create in the Office 365 Admin Portal. The procedure on how to create the Tenant ID and the Client ID in the Office 365 Portal is documented in step 5 at Configuring Exchange email notifications.