2021 Release Notes

Cloud Release Summaries

10.81 Release Summary

iOS

Advanced restrictions for iOS 14 devices >>

MaaS360 adds a new policy setting Allow Apple Personalized Advertisements to allow administrators to restrict the use of users’ data by the Apple advertising platform to deliver personalized ads on iOS 14 devices. This setting replaces Limit Ad Tracking, which will now be supported only on iOS 13 or lower versions. Administrators can now use the new policy setting Preview Type to control how the notifications previews should be displayed on the device. MaaS360 also adds a new supervised setting Allow Near Field Communication to allow administrators to restrict the use of NFC on iOS devices.

MaaS360 stops showing available iOS updates for non-supervised devices >>

MaaS360 no longer syncs the available iOS updates from Apple for non-supervised devices. For the supervised devices, MaaS360 will continue to display the available iOS updates in device summary > Hardware & OS > Available Updates.

Locate a device that is marked as lost >>

In 10.80, MaaS360 added separate APIs to mark devices as lost and mark devices as found. In this release, MaaS360 added a new API to locate the devices that are marked as lost. For more information, refer to the latest Webservices guide.

Android

Custom command support >>

Administrators can now issue custom commands to execute remote actions on the managed Android devices. After the specified action is executed on the device, the execution status can be tracked in the device history. Note: Requires MaaS360 for Android app version 7.40 or later.

Device admin deprecation >>

Google announced the deprecation of the legacy Device Admin (DA) for enterprise use effective with the Android 10 Q release. In an attempt to promote the adoption of Android Enterprise, Google deprecated Device Admin management capabilities over the past few releases. Effective 10.81, MaaS360 no longer supports Device Admin enrollments for new customers. For the existing customers who have been using DA, MaaS360® recommends that they adopt Android Enterprise. Customers who have BYOD program can use the migration option in the MaaS360 portal to move to Android Enterprise Profile Owner (PO) mode. Customers who want to move to Device Owner (DO) or Work Profile on Corporate Owned (WPCO) device modes, will require device factory reset to move.

Granular status and error reporting for apps marked for instant install >>

MaaS360 makes it easier for the administrators to troubleshoot issues with instant install apps by adding new granular app installation statuses and retry logic. With this support, the instant install apps will report accurate app failure status (Failed instead of Pending) and device state (Out of Compliance or Selective Wipe). The status can be tracked in real-time and in case of installation/upgrade failure, MaaS360 automatically retries app installation up to 3 times on OEM devices. Note: Requires MaaS360 for Android app 7.40. Supported on both Device Admin and Android Enterprise devices.

Work Profile on Corporate Owned (WPCO) enhancements >>

In the previous releases, MaaS360 added support for Work Profile on Corporate Owned (WPCO), the new Android Enterprise management scenario that offers strict separation between work and personal profiles on corporate-owned devices. Effective 10.81, in addition to QR code enrollment, MaaS360 adds Zero-Touch enrollment option to set up a work profile on company-owned devices and extends WPCO support to the Samsung devices. Administrators can also enforce a new restriction Configure personal apps to be Blocked/Allowed to allow/block the installation of specific apps via Google Play Store in the personal profile of a company-owned device.

Behavior changes when MaaS360 targets Android 11 >>

When the MaaS360 for Android app targets Android 11 APIs, MaaS360 can no longer access the entire external storage directories on the device. The access is limited to specific directories and specific types of media that is supported by those directories. This means that administrators can distribute files only to the selected directories through the MaaS360 portal. While importing files into Docs and PIM apps, MaaS360 no longer displays the custom File Explorer option. However, users can use the system Files option that provides similar functionality as custom File Explorer. Users need not have to explicitly grant storage access to MaaS360 before accessing files in the Secure Viewer and Editor on Android 11 or later versions.

Force app configuration feedback at device level >>

MaaS360 adds a new device-level action Force App Config Feedback to allow administrators to force the device to retrieve app configuration feedback from Google as quickly as possible and display it in the MaaS360 portal. Administrators can issue this action up to 3 times in 24 hours for a device.

Switch to a strict scheduler to schedule background tasks >>

AlarmManager and JobScheduler are among the popular methods supported in Android to schedule recurring background tasks. In the previous releases, MaaS360 used JobScheduler by default to report device heartbeat to the MaaS360 portal. In 10.81, MaaS360 adds a new policy setting: Use Strict Scheduler for Heartbeat to allow administrators to switch to AlarmManager, a stricter scheduler to execute background tasks such as device heartbeat. AlarmManager is strict in that the job is executed at the scheduled time even though the device is inactive, resulting in a battery drain. JobScheduler is optimized by the operating system to perform tasks when the device is charging, idle, or connected to a network.

Status of the System apps reported to the MaaS360 portal >>

If the System apps are distributed to the devices via App Catalog, the status of those apps is reported to the MaaS360 portal and displayed on the Device Summary > App Distributions page.

Platform

Addition of Custom Attributes section in the Device Summary >>

In addition to the existing device details in the Device Summary page, a new section called Custom Attributes is added that shows all device custom attributes that are defined by administrators. Administrators can now easily view and modify   custom device attributes from the Device Summary page. The existing Custom Attributes page continues to show both MaaS360 defined and administrator defined custom attributes. 

Search for devices with empty and non-empty attributes in Advanced Search >>

In this release, 2 new search criteria namely Is Empty and Is Not Empty are added in the Advanced Search condition. Previously, searching for devices that have empty and non-empty attribute values for any of the search categories was not possible. With these 2 search criteria, you can now search for any devices that have empty or null values and non-empty or non-null values for any of the attributes in the search condition. Example: You can search for users whose user groups value is empty, search for devices whose MaaS360 license status is not empty, and so on.

Support to filter users list in the User Directory based on users with devices and without devices >>

MaaS360 improvises the filtering capability in the User Directory page to help Administrators view users list based on users with devices, users with no devices, and all users in the customer account. Previously, "Hide users with no devices" option was available that would list only users with devices that are associated with the user account. Effective this release, Administrators can also view users with no devices that are associated with the user account. The "Hide users with no devices" is deprecated from this release and following 3 options are added:

  • All Users: User Directory page shows all users in the customer account. This list includes both users with devices and without devices that are associated with their user accounts. 
  • Users with Devices: User Directory page lists only users that have devices that are associated with the user account.
  • Users without Devices: User Directory page lists only users without devices that are associated with the user account. 

Based on the option that is selected, User Directory page displays relevant users and Administrator can export the user details by using the Export option in the User Directory. This way, Administrator can view users with no devices as well in the User Directory page.

Improved ways to get new user login password >>

To ensure password security compliance, MaaS360 adds a new way on how user password is communicated to a local user during new user creation and password update scenarios. This change is applicable for manually set user password and auto-generating user password methods in the User Password Settings that are listed in User Settings page. Following changes are introduced in the User Password Settings.

  • A new setting Send password to user's email that is added as a  checkbox under During User Account Creation (Manually set User password). If this checkbox is enabled, then, new users continue to receive the portal login password over welcome email. If unchecked, then, the welcome email sent to user does not include the login password and shows the following message: 'Please contact corporate administrator for the password'. New users can get the login password by contacting the corporate administrator. By default, this checkbox is enabled for existing customers so the new user creation process is unaffected and user can continue to receive password over email. For new customers, the checkbox is unchecked by default. 
  • User account creation (Autogenerate User password): In this case, the password reset link is sent to the new users in the email that is sent following the welcome email. Using this link, users can set the MaaS360 account password. Even in case of password reset request, the password reset link is shared with user over email to set a new password. This workflow change is applicable to both new and existing customer accounts. Previously when this setting was chosen for user password setting, login password was shared over email and when user logs in to EUP, a prompt to change password was shown by using which user could set a new login password. 

MaaS360 supports IBM's use of inclusive language in technology

IBM has launched an initiative to identify and replace terminology that promotes racial and cultural bias. MaaS360 aligns with IBM values in embracing the use of inclusive language by identifying and replacing racially and culturally biased terms in our product and documentation. 

While IBM values the use of inclusive language, terms that are outside of IBM's direct influence, for the sake of maintaining user understanding, are sometimes required. As other industry leaders join IBM in embracing the use of inclusive language, IBM will continue to update the product and documentation to reflect those changes. To learn more about this initiative, see the Words Matter blog post on ibm.com.


Analytics

General availability of User Risk Management feature >>

MaaS360 announces general availability of User Risk Management feature to all new and existing customers. The feature offers a holistic view of the risk that is associated with each user by evaluating security and compliance through a device-centric approach whether a device is in or out of compliance.  To gain access to user risk management dashboard, customers must enable this service from Setup > Services page and enable User Risk Management. The feature offers Risk Rule Configurator and Security Dashboard to define and evaluate risk incidents. To view Risk Rule Configurator and Security Dashboard in the MaaS360 portal, go to Security under the Security Management section.

The Risk Rule Configurator offers 14 predefines rulesets using which Administrator can customize the risk model to identify  the risk incidents according to their organization's needs. The Security Dashboard gives an overview of the risky users, risky devices, total risk incidents, and the average risk score in the organization. Administrators can drill down to the risky users and devices and get a comprehensive overview of the incidents committed by a single user with the user summary page. 

Enhanced UI dashboards and near-real time reporting for Mobile Data Usage Overview and Mobile Data Usage Analysis reports >>

MaaS360 offers improved UI experience for Mobile Expense Management reports and are available to all customers now. The functionality of the report remains the same as in previous user interface. The UI design elements are enhanced to offer best user experience with reporting. In addition to the enhanced UI, following capabilities are also offered;

  • To easily access the subscription settings and UI settings configuration, an option 'Subscription settings' is added in the data usage overview and data usage analysis reports page. On the click of this option, you are directed to the Analytics section under the Administrator Settings where you can configure the subscription settings for each of these reports. 
  • These reports are near real-time; any updates to the mobile data usage on devices are almost instantaneously reflected in the reports.
  • The report dashboard shows a table icon, which when clicked shows both the chart data and the table data for the respective reports. 

Near-real time reporting for Basic Apps Inventory and Advanced Apps Inventory reports >>

With the real-time reporting capability, Basic and Advanced Apps Inventory reports are now almost near real-time. Any updates in the statistical overview about app usage and app performance for managed and unmanaged apps on the devices are almost instantaneously reflected in these report dashboards. 

Windows

New Microsoft Defender Device Guard policy >>

MaaS360 adds support for Microsoft Defender Device Guard (Device Guard) settings in the Windows MDM policy. The Device Guard settings allow administrators to configure settings that protect system integrity (System Guard) and credentials (Credential Guard) on Windows 10 devices.

The System Guard settings protect and maintain the integrity of the system as the system starts and validates that system integrity was maintained through local and remote attestation. 

The Credential Guard settings use virtualization-based security to prevent unauthorized access that can lead to credential theft attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets (TGT), and credentials stored by applications as domain credentials. 

The Device Guard settings also protect devices on the next device reboot by using virtualization-based security features such as Secure Boot that check that a device boots authorized code and prevents bootkits and rootkits from installing and persisting across reboots, and hardware-based security features such as Direct Memory Access (DMA) that provide isolation and protection against malicious DMA attacks during the boot process and during the runtime of the operating system.  

Windows 10 and Windows Server version 20H2 support for enforcement rules for Windows device compliance >>

MaaS360 now supports Windows 10 and Windows Server version 20H2 when you configure and assign compliance rules to Windows devices at the device level, group level, and during device enrollment.

Tags: