Secure Unified Endpoint Management 21.0.2
About this Release
Matrix42 Secure Unified Endpoint Management 21.0 Update 2 provides new and improved features that have been implemented. During the development of this version, we have been focusing on valued feedback from our customers and partners to provide an ideal feature selection.
System Requirements
Please refer to: Installation Guide II: System Requirements
Overview
New Features
New Features
Matrix42 PackageCloud Integration
Matrix42 PakageCloud offers a variety of pre-built software distribution packages. A description can be found in the Matrix42 Marketplace. The integration allows you to easily search for packages and directly integrate or download them.
Without authentication set up, all packages are displayed under "Software Distribution -> PackageCloud". Details about packages can be retrieved by selecting a package.
Note that to import or download packages, authentication to the Matrix42 Account Service must be established. This is done in the Administration in the Service Connections section. Depending on whether your company has a PackageCloud subscription, either all or only the "free" packages are downloadable.
The ability to create a service connection to the Matrix42 Account Service will be provided with a DWP 10.1.1 hotfix after the initial release.
Add Mobile Device(s)
Administrators can initiate and execute enrollments for modern managed devices, based on available user information in the Digital Workspace Platform. Please refer to Release Notes Silverback 21.0 Update 2 for reviewing information about the background activities.
Initiate Enrollment
- Navigate to Endpoint Devices and click +Add Mobile Device
- Select at least one of the available users and select if the device is a personal or a corporate owned device
- Finish the Enrollment Invitation with Send Invitation
Please make sure that the selected users are authorized to connect their devices. The selected users must either be part of the stored LDAP filter in the Silverback Web settings or alternatively exist as a local user in the system. The user(s) will receive an e-mail notification with the access data upon successful validation.
- Proceed with User Driven or Administrator Driven Enrollment
User Driven Enrollment
- All invited Users will receive a new Email with Enrollment Information based on the Admin Provisioned a Device Notification for User Email Template
- Users can now scan the QR-Code or follow the instructions given in the Email
Administrator Driven Enrollment
Option 1: You are a Silverback Administrator
- Silverback Administrators will receive by default a new Email with Enrollment Information based on the Admin Provisioned a Device Notification Email Template
- Administrator can now scan the QR-Code or follow the instructions given in the Email
Ensure to have the Receive Email Alerts checkbox enabled in the Silverback Management Console
Option 2: You are not a Silverback Administrator
- Switch to the Administration Application and navigate to Integration > Enterprise Service Bus > Remote Actions
- Search for Name Add Mobile Device and open the action preview
- Search for the following entry: Pending Enrollment created for Email maria.miller@imagoverum.com with Otp p6tw
- To add a device on behalf to a user, open on the device the following adjusted URL: https://silverback.imagoverum.com/activate
- Enter the username and the OTP to download the profile. Follow the given device instructions.
Add Applications
Administrators can upload and distribute from now on enterprise applications for modern and co-managed devices. Please refer to Release Notes Silverback 21.0 Update 2 for reviewing information about the background activities.
The file upload requires that the File Upload Service is configured in the Administration. See File Upload Extension
General Overview
Upload, configure and distribute your enterprise applications for Android, iOS, iPadOS, macOS and Windows devices. Navigate to Software Distribution > Apps and select the new Add Application option. Drag and Drop your binary to add your enterprise application to the package library. By adding an application and based on the file type, Secure Unified Endpoint Management will guide you through the additionally needed information and requirements. Each uploaded application will automatically generate under Endpoint Configuration > Tags a new assignable Tag.
| Android | iOS/iPadOS | macOS | Windows | Additional Information | |
|---|---|---|---|---|---|
| Supported filetypes | *.apk | *.ipa | *.pkg | *.msi | Drag and Drop your application or select the file with the open function. |
| Name | Required | Required | Required | Required | Enter a name with less then 250 characters |
| Description | Required | Required | Required | Required | Enter a description with a maximum of 500 characters |
| Configuration | Not available | Optional | Optional | Optional | Add an optional application configuration. Apple applications requires the configuration in an XML format. For Windows applications, add your *.msi installation parameters here. |
| Icon | Optional | Optional | Optional | Optional | Upload an icon. Supported file types are *.png, *.jpg, and *.ico |
| Property List | Not available | Required | Required | Not available | Upload a valid property list file for the bundled executable with file type *.plist |
| Operating System | Not available | Available | Not available | Not available | As *.ipa is the filetype for iOS and iPadOS devices, select at least one target operating system. |
Additional Notes
- After first upload of your Enterprise Application, a new Tag will be generated automatically
- Existing Tags will be updated if the following criteria remains the same
- App Identifier / Bundle ID
- Operating System
- Version
- Application Type
- By default, Enterprise Applications will be imported with enabled App Management options Visible in App Portal and Automatically push to managed devices
- If you need to adjust your configuration, you need to upload the package again
New Actions for Endpoint Devices
One important part of device management is to handle the day-by-day support for administrators. In this release we extended for modern and co-managed devices several day-by-day actions. Each action can be performed as a single method or in bulk. If unsupported platforms will be selected, the option for the bulk execution will disappear in the User Interface. Each action can be reviewed in the Administration Application under Integration > Enterprise Service Bus > Remote Actions.
Rename will be applied after the device is connecting the next time to the Server. You can execute refresh afterwards to rename the device instantly if the device is online.
| Device Action | Android | iOS / iPadOS | Windows | tvOS |
|---|---|---|---|---|
| Clear Passcode | Yes | Yes | ||
| Restart | Yes | Yes | Yes | Yes |
| Rename | Yes | Yes | Yes | |
| Message | Yes | |||
| Shutdown | Yes | |||
| Location | Yes | |||
| Play Sound | Yes | |||
| Lost Mode | Yes | |||
| Defender Signature Update | Yes | |||
| Defender Offline Scan | Yes | |||
| Clean | Yes |
Improvements and Changes
Package Upload Wizard
- The Package Upload Wizard can now use Matrix42 Service Accounts (Matrix42 Cloud Customers only).
- The configuration used by the Package Upload Wizard can be configured. If multiple connections for the file upload service are configured, it is possible to select the desired in UEM -> Settings. If no connection is selected it will use the latest modified entry of the file upload service connections.
File Upload Service Extension
The Extension is automatically installed when installing or updating the UEM Extension. The Extension is hidden in the Extension Gallery.
- New option to use the Service Connection of the Digital Workspace Platform
- Used for authenticating to the Matrix42 Marketplace for the Package Cloud integration
- Matrix42 Cloud customers will be configured to use this new option for configuration of the file upload service
- The configuration of the Extension is located in Administration - File Upload Service - Storage Connections
User Interface
- Added new Pickups for Windows 11 and Windows Server 2022
- Renamed App Filter Windows 10 to Windows
EgoSecure Data Protection UUX
- Standalone EgoSecure Service Bus Adapter is no longer available as a separate installation package, it is now a part of all-in-one EgoSecure Server installer as a component
- Full Disk Encryption policies can now be configured in Depot
- Pre-Boot Authentication policies can now be configured in Depot
- Assignments to apply Full Disk Encryption and Pre-Boot Authentication policies to the target systems via Enterprise Service Bus were added
- EgoSecure Service Bus Adapter and EgoSecure Server version information is available now in UUX Console in the General Settings section
- Connection status with EgoSecure Server and EgoSecure Service Bus Adapter available in UUX Console for simplified connectivity troubleshooting
- Version mismatch detection between solution components (UUX Console, EgoSecure Server and EgoSecure Service Bus Adapter) was added
- EgoSecure License management wizards to manage EgoSecure Server licenses using Activation Code and License Key files were added
- Communication between EgoSecure Service Bus Adapter and EgoSecure server was improved and simplified