MaaS360 Cloud 10.71 Release Notes

Content

iOS / macOS MDM

Disown device Web Services API >>

MaaS360 adds Disown Device Web Services API for Apple Device Enrollment Program (DEP) to support Apple feature of disowning or device removal process. The Disown Device API when invoked, disowns a device (based on device identifier) that are associated with the DEP token.

Note: After disowning a device, it needs to be manually removed control to un-enroll the device. 

The API is used to disown devices and informs Appleʼs servers that the server no longer owns one or more MaaS360 enrolled DEP devices. The response that is obtained from the API is depicted as follows.

Success-Device is successfully disowned.

Not accessible-A device with the specified device ID is not accessible.

Failed-Disowning the device failed for an unexpected reason. Note: If 3 retries fail, then you need to contact Apple Support.

Support for configuring certificate based authentication for web pages by using Persona Policy >>

Maas360 adds support for enabling certificate-based authentication for web pages. The setting is listed under Browser Defaults in Persona Policy. On enabling this setting, allows user to authenticate to webpages by using an identity certificate. In the setting, choose the template ID for certificate authentication such as CE certs template id and derived credentials that is to be presented to the webpage when challenged. The setting is supported on MaaS360 iOS Browser 2.6+.

Android

One-stop shop for all Android enrollments >>

Maas360 adds Android Enrollment Wizard, a consolidated workflow for all Android enrollments - Device Admin, DO (Device Owner), and (PO) Profile Owner. The enrollment wizard displays interactive options to help you drill down to the Android enrollment method that suits your requirements. While this new feature greatly minimizes the time and efforts for the new customers, the existing Android enrollment menus are still available in the MaaS360 portal.

Deprecation of Device Admin policies >>

When the Android upgrades its OS to version 10 in 2019, some of the Device Admin policies will be deprecated.

Support for additional Android Enterprise policies >>

MaaS360 adds support for additional Android Enterprise policies for Android devices running OS version 9 and above.

App wrapping enhancements >>

MaaS360 adds support for new configuration parameters to overcome issues during the app wrapping. Effective 10.71, MaaS360 allows administrators to enable multidex for Analytics-only (marked for collecting analytics data) apps. 

App Management

Support to add Android Enterprise apps from managed Google Play account >>

MaaS360 embeds managed Google Play iframe in the App Catalog to allow the administrators to add and approve Google apps directly from the managed Google Play store. In the previous releases, administrators had to add apps from the public Google Play store.

Support to edit app installation and update settings for Android enterprise apps >>

MaaS360 adds support to allow the administrators to edit the installation and update settings for Android enterprise apps. With this support, administrators can deploy the enterprise app updates to the devices that already have the primary version sideloaded through a third-party source (other than MaaS360). Requires MaaS360 for Android agent 6.40 and above.

Support to stop or retry installation >>

MaaS360 adds a new Manage Distribution page to allow the administrators to track all the distribution targets of an app. With this feature, administrators can easily stop an active distribution and retry the installation if the installation of iOS apps is not successful. In case administrators have not used the Number of times to retry option while adding the app, they can still do a retry on-demand using the retry install feature. The retry installation feature is applicable only for iOS app distributions marked for instant install. 

Windows

Support for Windows 10 Delivery Optimization (DO) policy setting >> 

MaaS360 extends Windows 10 policy setting to support the Delivery Optimization (DO) method that is a peer-to-peer delivery of updates to an organization's networked PCs. The updates include Windows updates, security updates, Windows Store Apps, and Windows Store for Business Apps. By using the policy setting, select the peers included in the DO method, cache settings, and bandwidth throttling settings. The DO method addresses and reduces the bandwidth issues during the update process. The Delivery Optimization setting is accessible under Device Settings in a Windows policy setting.

Display of supported OS versions for any Windows MDM policy settings >>

MaaS360 displays the Windows OS version on which a specific Windows MDM policy setting is supported. The supported versions are displayed in the MaaS360 portal against the settings in the Windows policy. Some of the supported OS versions that are displayed are Windows Phone 8+, Windows 10 Professional, Education, Enterprise, Windows Team, and Windows Holographic.

Deep Links for Download and Install 

MaaS360 adds an enhancement to the deep links feature in the Enterprise App Catalog. Previously users could navigate to a detailed view of an app in the Enterprise App Catalog by tapping a URL from a different app or from a web portal. Now, users can directly download and install the app from the provided link with just that one click. This feature is available on Windows 10+ MDM devices.

Default syntax to download and install an app: maas360appcatalog://launchapp?appID=77a5f49b-3d10-3c1f-a073-8eca625dba2d&appVersion=1&downloadinstall=true

Note: Requires Windows Core 4.00, Windows MES 2.00

Support for WiFi SSID based Geofencing for Windows 10 MDM devices

Maas360 enhances the Geofencing feature to include WiFi based geo-fencing for Windows 10 MDM enrolled devices. The managed WiFi locations can be added in the Maas360 portal by administrators. To add a location login to the MaaS360 portal, and under Security > Locations > Add Wi-Fi Locations, enter the Location Name, Wi-Fi SSID and MAC Address. Administrators can enforce different policies based on whether the devices have Checked In to the managed WiFi locations. In order to do this, use "Assign Policies" action available for each managed location to assign an Windows 10 MDM policy to a device checking into managed location. 

MaaS360 Portal also provides Checked In or Checked Out status of the devices getting connected or disconnected to those WiFi locations time to time. Users can also view the managed WiFi locations in the Windows 10 MaaS360 app on the device.

Note:

• Require MES Agent version 1.85, MaaS360 Core app 4.00.
• This feature is not available for self service. Contact IBM support to enable the feature.

Support to distribute Java Patches from Maas360 Portal

Maas360 automates and simplifies Java patch handling using custom Enterprise Patch Repositories that are administered from the MaaS360 portal with a one-click button. Enterprise Patch Repository definition does not require visibility into missing Java patches, but it is required to deploy and manage patches to users — on and off the corporate network, this is because Oracle mandates its customers to submit enterprise license for download and distribution of Java patches.

To distribute Java Patches, download them from the Oracle Website using your Oracle Enterprise License and host them on a server that is publicly available and it can serve as Enterprise Patch Repository server. Provide the server URL for Enterprise Patch Repository server under Security> OS Patches (Windows) > Enterprise Patch Repository to complete the setup. 

IBM Cloud Identity support for Windows 10 Laptops and Desktops

MaaS360 adds Windows 10 Desktops and Laptops to the supported devices list that integrates with IBM Cloud Identity, a stand-alone identity service from IBM, to provide single sign-on (SSO) capabilities that ensure only trusted devices and apps can access enterprise or corporate resources.

This provides easy SSO to native applications, Store apps, SaaS or web-based applications to boost productivity. It also provides conditional access to ensure that only trusted devices and applications access enterprise resources and two-factor authentication to mitigate risk of unauthorized access, saving the need to store multiple username/password. Previously the feature supported mobile devices with iOS 7+ or Android 5 and above.

Platform

Web Services API documentation availability from within the MaaS360 portal >>

MaaS360 allows administrators to access the web services API documentation from within the MaaS360 portal user interface. The user interface includes reference about the web services API, and an option to try out the APIs depending upon the type of access rights the administrator account has.

New compliance use cases under Business Templates based policy >>

MaaS360 enhances Business Templates based policy by introducing two more business use case templates. Center of Internet Security (CIS) and Security Technical Implementation Guide (STIG) business use case templates are listed for Business Templates based policy as part of Add Policy workflow. With this feature, you can create policy based on CIS and STIG security compliance templates-based policy.

New search attribute introduced for Advanced Search based on operating system OS version (numeric) >>

MaaS360 adds support for a new search attribute in Advanced Search that is based on operating system, called "OS Version (numeric)". Equal To, Greater Than, Greater Than or Equal To, Less Than, Less Than   or Equal To, and Not Equal To conditions are supported for this attribute.

The new search attribute is applicable for iOS, Android, Windows, macOS, and Windows Phone operating system. The OS version (numeric) attribute based search condition works for AND operator with platform name as the other condition. The search results return empty set for OR and other advanced search conditions.

Viewing Policy and Organization Profile Information for Policies

Maas360 adds an information section to the policies for administrators to check the origin of a policy. MaaS360 has policy recommendation engine which can suggest policies based on peer best practices. These community-based policies are derived using the variables of industry, device count and region, which is called as the organization profile. MaaS360 also has pre-defined policies based on business use cases. 

The information section shows admins the organization profile that was chosen while creating a community-based policy, or for a business template based policy, it shows the business use case that was selected. The information is captured and shown for new policies created after 10.71 release. For existing policies, you can view the name and description of the policy in the information section. The organizational profile information is also displayed before publishing a policy with cognitive policy recommendations. The profile cannot be edited so that the recommendations are consistent whenever you edit a policy. A new policy can be created for a new profile or a new business case.

Password Prompt Controls for MaaS360 Portal

MaaS360 introduces controls for password prompt that is displayed to administrators when they take important actions on the portal. The password prompt is to ensure that only authorized personnel take actions on the portal. MaaS360 recommends that the prompt should be always shown to all administrators. There are three settings available and the setting are configured based on the available administrator roles:

The option is available under Setup > Administrators > More > Administrator Settings .

• Prompt Always: Administrators are always prompted for password wherever applicable.
• Let Administrator Choose: Administrator can turn off password prompt for 5, 10, 20 minutes or rest of the session. If logged out they are prompted again, the next time.
• Never Prompt: Administrators are not prompted for a password for any action on the portal.
• If nothing has been set for a role, the default will be 'Prompt Always'.

Note:

• The settings are applicable from the next login to the MaaS360 Portal.
• All actions on the portal may not require password confirmation.
• The password prompt settings can be modified only by global administrators with Service Administrator role.

Importing specific user groups for an Azure AD tenant into the MaaS360 Portal

MaaS360 now allows administrators to import specific user groups for an Azure AD tenant into the MaaS360 Portal and synchronize data for these groups with existing groups in the MaaS360 Portal. This feature is available in the Master Admin Portal as the Enable Azure Group Based Data Sync custom property

Cloud Extender 2.96 and Mobile Enterprise Gateway (MEG)

New Cloud Extender Configuration Tool

For the MaaS360 10.71 platform release, the new Cloud Extender Configuration Tool is generally available for all customers. The Knowledge Center content will be gradually updated for the new tool in future MaaS360 platform releases.

Testing the validity of SSL certificates in the MEG trust store

The new Cloud Extender Configuration Tool provides a diagnostic tool that allows an administrator to check the validity of SSL certificates in the MEG trust store. 

Testing the reachability of a WebDAV fileshare or folder from MEG

The new Cloud Extender Configuration Tool provides a diagnostic tool that allows an administrator to test whether a WebDAV resource is reachable on the network.