Secure Unified Endpoint Management 22.0
About this Release
Matrix42 Secure Unified Endpoint Management 22.0 provides new and improved features that have been implemented. During the development of this version, we have been focusing on valued feedback from our customers and partners to provide an ideal feature selection.
System Requirements
Please refer to: Installation Guide II: System Requirements
Overview
New Features for Unified Endpoint Management
- New Device Actions
- Additional Factory Wipe Options
- Hardware Drivers
- Variable Configurations
- Boot Configurations
All new features, improvements and changes are also available in Secure Unified Endpoint Management
New Features for EgoSecure Data Protection
New Extensions
New Improvements and Changes
New Features For Unified Endpoint Management
New Device Actions
Within this release, we extended for Windows 10/11 and macOS devices that are modern or co-managed, several new device actions as shown below:
| Platform | Action | Description |
|---|---|---|
| Windows 10/11 | Autopilot Reset | Autopilot Reset works like a PC Reset, except that the Autopilot reset keeps the device enrolled in Azure Active Directory and in Unified Endpoint Management. Additionally, it keeps several device information. Please refer to Windows 10/11 All about Windows Autopilot for additional information. |
| Location | Retrieves the device location and sends a notification to a user about location access. The captured location will be reported in the Action Status. | |
| Request Diagnostics | Requests a Remote Diagnostic Archive and uploads it to an Azure Blob Container. | |
| macOS | Restart | Forces the device to perform a restart or sends a notification to the user to restart the device manually. |
| Shutdown | Forces remotely the device to shutdown. | |
| Enable Remote Desktop | Remotely enables the Remote Management with the All Users access, the ability to receive remote events and the Observe, Control, and Show being Observed options. | |
| Disable Remote Desktop | Remotely disables the Remote Management with the All Users access, the ability to receive remote events and the Observe, Control, and Show being Observed options. |
Additional Factory Wipe Options
Windows 10/11 and iOS / iPadOS offers multiple options to wipe and re-provisioning devices and we want let you participate from all these possible scenarios. As our previous versions did not supported all of them, we are now even happier that to share with you multiple new factory wipe options that will increase your flexibility. By clicking the Factory Wipe button from the Endpoint Devices section, the following types can now be chosen from the additional options section:
| Platform | Action | Description |
|---|---|---|
| iOS / iPadOS | Preserve Data Plan | The Preserve Data Plan option will preserve the data plan on an iPhone or iPad with eSIM functionality if one exists. This option is available for devices running on iOS 11 and later. |
| Skip Proximity Setup | This option will disable the Proximity Setup (Quick Start) pane in the Setup Assistant after the factory wipe. Available for iOS and iPadOS devices running on iOS and iPadOS 14 and later. | |
| Require Network-Tethering | If devices are not network-tethered, the devices will ignore this command. | |
| Windows 10/11 | Wipe and persist provisioned data | Specifies that provisioning packages will be retained during the factory reset. |
| Wipe protected |
This option performs a remote wipe on the device and fully cleans the internal drive. The functionally is like basic wipe. But unlike Wipe, which can be easily circumvented by simply power cycling the device, this option will keep trying to reset the device until it’s done.
In some device configurations, this command may leave the device unable to boot. |
|
| Wipe and persist user data | Will perform a remote reset on the device and persist user accounts and data. Additionally, the device remains enrolled during the factory reset execution and assigned profiles and applications will be re-applied to the device after the factory reset process is finished. |
Hardware Drivers
Hardware drivers are used in the Empirum Management Console (EMC) to assign them to Computer models so they are considered during the WinPE based OS deployment. The Empirum hardware drivers are now shown in the UUX. In addition it is now also possible to upload hardware drivers which where created via the Matrix42 Packaging Center or exported from an Empirum server via the "Add Package" action. Hardware drivers cannot be assigned in UUX as they will be detected automatically during the Windows OS Installation. The driver packages need to be assigned in the EMC console to the supported Windows versions/platforms.
Review the online help for more details about the Driver Assistant and Hardware Drivers.
Variable Configurations
Variable Configurations are collections of variables in Empirum. They are displayed in the new navigation item Package Configurations. They can be used in assignments to configure the deployment of packages by setting variables in Empirum. Variable configurations exported using the Empirum console can be uploaded with the "Add Package" action. See the online help for more information about Variable Configurations.
Boot Configurations
Boot Images are now displayed as Boot Configurations within the Operating Systems navigation. They contain the information about the used Windows PE or EPE and the configuration. Boot Configurations can be assigned to computers for PXE based OS installations. It is now also possible to upload locally created boot images via the "Add Package" action. After the import in Empirum, a corresponding Boot Configuration is created and added to the UUX.
Boot images can be created using the Matrix42 Packaging Center 22.0.
New Features for EgoSecure Data Protection
Application Control with Trusted installer
With Application Control, you control which applications may be executed on an endpoint and which may not. Only the applications installed by the specified Trusted installers and are allowed.
Network Share Encryption configuration
Protects against moving the encrypted drive into another computer and secures Device Encryption Key with Trusted Platform Module hardware-based technology.
Track and review administrators’ activities
Revision Overview of Console operations, type of administrator who performed an operation, and an operation result
Enhanced and Improved Secure Audit Product settings
New Extensions
Empirum Service Provisioning (TP)
The Empirum Provisioning Extension allows the creation of software services from Empirum packages and provides the required provisioning workflows to enable customers to offer software services in the Self Service Portal. It replaces the formally included Empirum Connector and uses the newer DWP features to allow hybrid deployment scenarios based on Data Gateways running on Workers. The Empirum Provisioning Extension requires the Empirum Inventory and the Generic Inventory Import Extension as prerequisites. Also the UEM Extension is required as it now offers the functionality to selectively create services from Empirum software packages from the UEM software library. The Empirum Inventory Data Provider Extension and the Empirum Provisioning Extension are currently provided as technical preview and can be obtained on request at beta_uem@matrix42.com.
Review the dedicated help of the Empirum Inventory Data Provider Extension and the Empirum Service Provisioning Extension.
Improvements and Changes
- Added missing German translations to several actions and action state names.
- Extended descriptions in confirmation screens for several device actions
- Platform information in Software Package Preview updated to new ESB based values.
- Processing rules allow the selective handling of data retrieved via ESB: The first rule is for Firescope and allows to define values which will only be overwritten when empty in the DWP.
- New identifiers for objects based on the unique ID in the source system or the unique ID in the DWP. This allows faster and more reliable matching.
- ObjectID – unique Id in DWP
- PlatformObjectID – unique ID in core system & node information (Header “From”: Name/Node)
- Enhanced performance on ESB message consumption.
- ESB Handlers allow processing requests via ESB messages. Firesope uses this to retrieve type and schema information before updating objects.
- Empirum sends the heartbeat response with 21.0.3 (leftest hotfix) and 22.0 onwards. With 22.0 it is also possible to provide a display name for easy identification of the node.
Bug Fixes
- Fixed a problem with automated assignment of principal users (Matching using date/time values now works more robust and also with multi fragment data)
- Fixed an issue where assignments are displayed several times in the Endpoint Devices Preview
- Fixed that assignment group loses distribution options on inactive/active setting (toggling assignments from active to inactive and back resulted in not setting the configured distribution options)
- Fixed last seen in threat detection
Additional Information
- Silverback 22.0 - Release Notes
- Empirum 22.0 - Release and Update Notes
- EgoSecure Data Protection 22.0 - Release Notes