Release Notes Silverback 19.0 Update 2
About this release
Matrix42 Silverback 19.0 Update 2 provides new and improved features. During the development of this version, we focused on valued feedback from our customers and partners in order to provide an ideal feature selection.
Please find the installation files of this version on Matrix42 Marketplace.
System requirements, instructions for installation and update as well as for basic configuration are available in the Matrix42 Help Center.
Overview
Before you start
- Please note that on Android and Samsung Safe devices this release requires the newest Companion version (19.0.2.12) to work properly.
Deprecations
- Windows Server 2008 R2 is not supported in this release
- Windows Phone 8 has been removed
- Divide Email client has been removed
New Features
- General
- iOS
- Android & SamsungSafe
- Windows 10
- macOS
- tvOS
- ChromeOS
Improvements
- Added new API Call for a personal enrollment type
- Policy Violation Emails now include the device serial number in the Subject
- Managed application list is now shown as a separate item under Actions
- Updated User Interface for Certificates
- Security Patch Level is now visible for Blocked Devices Tab
- OS Update column is now available for Blocked Device Grid
- Clear Delta Token for Volume Purchase Program License Information
- Changed column sizes for Blocked devices for preventing vertical scrollbars
- Added M42Documents Silversync BundleID
- Removed ability to change application type after adding to App Portal
- Windows 10 Clean PC action has been renamed to Clean
- Replaced empty value for EAP Type dropdown to "None" for Samsung Safe and Android Wi-Fi profiles
- Added tooltip to Android Beam restriction
- Added new column for Device Owner under Devices
- Added possibility to display 50 and 100 Tags
- Added ability to search for Application Type when assigning Apps to a Tag
- Ability to factory wipe personal devices has been removed entirely
- The Apple ID used for the APNS Certificate is now required and will be displayed
- The Google Account used is now shown after Android Enterprise activation
- The Device Enrollment Program section now displays the Expiration Date of the DEP Token
- Display Choose File is shown next to DEP Token
- AppleTV is now enabled by default
- Managed App Configuration is now queued in Companion
- Companion now logs activities for 7 days by default
- After adding a device to a Tag, an instant Push Notification will be sent to the device
- Azure AD has been moved from Settings Administrator to Administrator
- Azure AD has been renamed to Azure Active Directory
- Select All Devices function for attaching devices is now available
- Added ability to find device by ID in attach device to tag window
- Added Ability to search by "Assets Id" for Volume Purchase Program Assets
- Certificates under Licenses have been moved to Certificate sections under Admin
- Redundant Information has been removed
- Pointless Default Email Template has been removed
- Descriptions for Managed Play apps are now optional
- We now detect a missing description before uploading the Enterprise Application
- Added Tooltip for Managed Account activation for Managed Profile
- Changes in App column sizes in Tags will not affect App Portal view
- Added 12 new devices models
- Gmail and Samsung Mail as Managed Play applications will automatically be installed first
- Changed Subject Alternative RFC822 Name from Username to Computer for Computer Objects
- Queue Device Inventory on Companion Checkin is now activated by default
Minor Changes
- More Button has been renamed to Actions on Device Overview
- Lock action name has been changed from Wipe to Factory Wipe
- Enterprise Packages has been renamed to Enterprise for macOS
- Android Enterprise Activation settings have been renamed
- Default columns have been adjusted
- Renamed OSX device type to macOS
- Windows 10 Clean PC action has been renamed to Clean
- Windows 10 Pending Commands default search has been changed to Command Type
- Renamed Allow dictation to Allow Dictation
Fixes
- Fix for multiple clicks being needed for Self Service Portal Login on iOS13 and iPadOS13
- Fix for Manage Config on Android Enterprise and iOS
- Fix for not delivered Exchange Profiles on Android Enterprise
- Fix for Certificate Trust on Android
- Fixed missed device types displaying for Certificate Trust section
- Fixed Remove Certificate error for Work Profile
- Fix for disabling Certificate Trusts not deleting the certificate from the device
- Fixed certificates installation and removal issue for Android devices
- Fix for Certificate Trust and Managed Profiles dependency
- Fix for Computer Account Creation when Hardware Authentication is used with predefined labels
- Fix for displayed Passwords in Audit Logs
- Fix for Clone Tag Functionality
- Fix for Direct Forwarding Issue after first activation for Authentication Providers
- Fix for customized columns in FlexiGrid
- Fix for incorrect data in Resultant Tag for Managed Profile
- Fix for missing Tag Title at Single Sign On and Web Content Filter configuration for iOS
- Fix for Security Patch Level information being shown for iOS devices
- Fix for Allow App Store Restriction on Samsung Devices
New Features
General
Please find all new general features in Silverback 19.0 Update 2 below.
New Tag Auto Population options
In this release we have added two new Auto Population values which give Administrators more flexibility. The first is Serial Number, where you can assign a Tag to a specific Serial Number, e.g. for testing scenarios or the special needs of a particular user. The second and more effective one is Auto Population for Device Owner Mode devices. Bringing this key into the product makes it possible to use Tags with enabled Auto Population for three management methods: Legacy Management, Device Owner and Work Profiles.
Single Serial Number | Device Owner |
Lockdown action delete business data
We have also implemented the possibility to use Delete Business Data for Policy Lockdown actions. With this non-compliance action enabled, devices will be removed from management, will lose the connection to Silverback and need to be re-enrolled after the security violation has been resolved.
Variables for Exchange Active Sync Configuration Label
In Silverback 18.0 we added the possibility to add more than one Exchange Active Sync Account into one Tag with pre-defined account information. Based on valuable feedback in our Idea Portal, we extended the usability of this feature so that you can now use variables in the Label field, which makes it clearer which mailbox is behind the mail profile name, especially if several shared mailboxes are included.
Instead of adding a name like Outlook into the Label field, use any of the available Silverback System Variables.
This new feature is supported on the following Platforms.
Platform | Supported |
---|---|
iPhone | Yes |
iPad | Yes |
macOS | Yes |
Android | No, Gmail doesn't support predefined account names |
SamsungSafe | Yes, with Samsung Mail |
Windows 10 | Yes |
Certificate Picker for Certificates
To improve the usability of the Silverback Management Console and to provide faster setup for fresh installations, with this release we say goodbye to copying and pasting thumbprints into the Console. Each certificate selection now supports a certificate picker with a drop-down list to easily select the required certificate. This includes the following fields:
- Agent Certificate in Tags for Wi-Fi Profiles
- MDM Payload Certificate under Settings Admin
- Windows 10 Certificate Enrollment Issuing CA under Settings Admin
- Windows 10 CEP Encryption Agent under Settings Admin
- Windows 10 Exchange Enrollment Agent under Settings Admin
- Web Settings Certificate under Settings Admin
LDAP Connection Check
In addition to the easier setup with the Certificate Picker we also added the ability to check the LDAP connection. The button is placed under Settings Admin > LDAP and is based on the following values:
- LDAP Type (AD is supported)
- LDAP Server
- LDAP Lookup Username
- LDAP Lookup Passwords
These fields are mandatory and can be checked by pressing the save button. If the LDAP authentication is successful, the message "The LDAP Server is available" is shown; otherwise you will receive the response false with "The LDAP server is unavailable".
SMTP Test Button
With the new Send Test Message Button under Settings Admin, Administrators now have the possibility to quickly send a test message to any recipient and can check if the SMTP settings are correct.
Silverback uses the settings exactly as they are currently entered; there is no need to save the settings before sending a message.
iOS
Please find all new iOS Features in Silverback 19.0 Update 2 below.
General Support for iOS13
Apple introduced the newest version of its iOS operating system, iOS 13, on the 3rd of June at the keynote event of the 2019 Worldwide Developers Conference. iOS 13 is a big overhaul of iOS, with a long list of new features which mostly address non-business-related topics. You can find the list of new features available with iOS 13 here: iOS13 - Features - Apple.
Preparing for the release of iOS13 we have added the following capabilities:
- Shortcuts has been added to the Application Blacklist / Whitelist for supervised devices
- DEP Skip Setup Items has been extended
  - Keyboard Pane
  - Express Language Setup
  - Preferred Language Order
  - Get Started Pane
- New Restrictions have been implemented
- User Enrollment is supported
- Restrictions have been moved to supervised sections according to required changes
User Enrollment
At the Apple Worldwide Developer Conference this year, Apple announced a new mode of device enrollment, entitled User Enrollment. This is a notably different mode of enrollment than the previously available Device Enrollment, Enrollment via Device Enrollment Program, or Supervised modes of enrollment. While these modes still exist, User Enrollment aims to address Bring Your Own Device (BYOD) deployment scenarios specifically.
Create Managed Apple ID
- Login to your Apple Business Manager
- Navigate to Accounts
- Click Add New Account
- Enter a Name
- Enter a Last Name
- Enter a Managed Apple ID Username
  - We recommend using a naming convention which can be covered by Silverback Variables, e.g. {firstname}.{lastname}@imagoverum.com
  - Enter as username e.g. maria.miller@imagoverum.com or mmiller@imagoverum.com
- Under Roles select Staff
- Select your Location
- As Email Address use e.g. the corporate email address of the user or any other personal email address to which the temporary Managed Apple ID password should be sent
- Click Save
- Click Create Sign-In
- Select Send as an email
- Click Continue
- Click Done
Configure Self Service Portal (optional)
- Login to your Silverback Management Console
- Navigate to Admin
- Navigate to Self Service Portal
- Configure either an Apple ID placeholder for the Self Service Portal, e.g. firstname.lastname@imagoverum.com
- Or define Apple ID presets, e.g. {firstname}.{lastname}@imagoverum.com
  - During enrollment via the Self Service Portal, Silverback will automatically prefill the Managed Apple ID field with the given preset
- Click Save
Create Enrollment
- Open Self Service Portal
- Login with your user credentials
- Enter a phone number (optional)
- Change the Ownership to User Enrollment for iOS
- Enter your created Managed Apple ID or use the prefilled one
- Click Start
Enroll your device
- Open Camera on the iOS device
- Scan the QR-Code
- Open the enrollment page
- Download the configuration Profile by pressing Allow
- Click Close
- Open iOS Settings
- Tap Enrol in Silverback
- Press Enrol my iPhone
- Enter the passcode of the device, if needed
- Enter the temporary Managed Apple ID password, which has been sent to the user
- Tap Sign-In
- Choose a verification method, either Text Message or Phone Call
- Press Send
- Either enter the verification code given by the phone call, or the code will be detected automatically
- Now enter your temporary Managed Apple ID password
- Enter a new password
- Tap Change
- Enrollment process will be finished and the device will be managed
Changes in Management
User Enrollment is a modified version of the MDM protocol with a much greater focus on user privacy, implemented with a level of security that enterprises and end users should be comfortable with. For this reason, only a limited subset of management capabilities is available for personally owned devices with User Enrollment. This includes the following changes:
Changes in Device Actions
- Clear Passcode is not supported
Changes in Device Overview
- Serial Number isn't exchanged
- IMEI isn't exchanged
- MAC Addresses aren't exchanged
- Network Information isn't exchanged
- Available OS Updates aren't transmitted to the backend
- Personal installed apps aren't listed
Changes in Applications
- Take management if the app is already installed is not supported
Changes in Restrictions
Only a few restrictions are available with User Enrollment. These include:
- Notification view on Lock screen not allowed
- Opening documents from unmanaged to managed apps not allowed
- Siri not allowed
- Safari fraud warning enforced
- Siri while locked not allowed
- Opening documents from managed to unmanaged apps not allowed
- Today view on Lock Screen not allowed
- Screen Capture not allowed
Unsupported Methods
- Certificate Based Authentication for Exchange
New Restrictions
iOS13 and iPadOS13 bring a couple of new restrictions which require a supervised device. Therefore they are not available for iOS User Enrollment.
Restriction | iPhone | iPad | iOS User Enrollment |
---|---|---|---|
Allow Hotspot Modification | supervised, iOS13 | supervised, iPadOS13 | not supported |
Allow Find My Device | supervised, iOS13 | supervised, iPadOS13 | not supported |
Allow Find My Friends | supervised, iOS13 | supervised, iPadOS13 | not supported |
Allow QuickPath Keyboard | supervised, iOS13 | supervised, iPadOS13 | not supported |
Force Wi-Fi Power On | supervised, iOS13 | supervised, iPadOS13 | not supported |
Allow Files Network Drive Access | supervised, iOS13 | supervised, iPadOS13 | not supported |
Allow Files USB Drive Access | supervised, iOS13 | supervised, iPadOS13 | not supported |
After updating to this Silverback Release, Force Wi-Fi Power On will be enabled by default.
iPadOS General Support
iPadOS is an operating system from Apple for iPads. It was unveiled at the Worldwide Developers Conference on June 3, 2019. With the introduction of iPadOS, iPads and iPhones no longer share iOS, so that iPads can be provided with more features. From a device management perspective iPadOS is more similar to macOS than to iOS. With our iPadOS support, enrollment into Silverback is handled by an MDM agent close to the macOS one. As a result, all new iPadOS enrollments require this release as the minimum Silverback version. With older Silverback versions you will receive an "Invalid Payload" error.
As a major benefit, the new iPadOS offers, for example, new views for apps to work with multiple applications in parallel. For the first time, external hard disks and USB sticks can be connected and managed. The integrated Safari web browser offers new features familiar from the Mac version, such as a download folder. There are also optimized functions for selecting and managing text. In combination with macOS Catalina, the iPad can be used as a second screen with iPadOS and "Sidecar" in newer models. For the first time, the iPad and the iPhone get support for the mouse as an input device.
Please note that a device which has never been enrolled to Silverback needs the Request Desktop Website option deactivated in Safari Settings (Settings > Safari > Settings for Websites) to enroll properly into the Management System.
App Store Search by Country
In the latest major version of Silverback 19.0 we added an updated App Store API for adding applications, which made it easier to find and add applications into the Management System. With this release we extended the functionality with an application search by country. An application may be unavailable in one country but available in another, and you may wonder why it is not installed on all devices. In this case you can use the app store search by country to find out whether the needed application is available in a particular country. Please note that until this release United States was the predefined country, and that it is not necessary (and not possible) to add an application in multiple countries. If you add the application e.g. with country Germany, the application will be installed in any other location where the application itself is available.
Remember my choice for store search
As mentioned in App Store Search by Country, United States is and was the default country location. If you intend to switch to another default country, you can enable the Remember my choice checkbox, which will set the default country for all upcoming searches.
Custom Passwords for Email
Depending on when you started with Silverback as your Mobile Device Management or Enterprise Mobility Management Solution, you may remember that we brought the Group Mailbox Feature for Exchange Active Profiles in Version 18.0. We always appreciate the feedback that you provide us in our Idea Portal. Custom Passwords for Email was one of the ideas we decided to bring into this release. So from now on you will be able to use the Group Mailbox Feature not only for Exchange Active Profiles but also in Email Profiles for IMAP/POP3 mailboxes.
Android & SamsungSafe
Please find all new Android Features in Silverback 19.0 Update 2 below.
Managed Application Actions for Android Enterprise
We are happy to bring a useful feature for all Administrators to Silverback 19.0 Update 2. With this release Administrators now have the ability to remotely install and uninstall applications for Android Enterprise. This feature is supported on both variants, Device Owner and Work Profile, and supports Managed Play applications and Enterprise applications. From Device Overview, open Actions and select Management Applications. In the following screen you will see all applications available for a remote installation based on the assigned Tag(s).
The window refreshes itself automatically every 5-10 seconds.
New Restrictions
With Silverback 19.0 Update 2 the following new restrictions are available.
Restriction | Device Owner | Work Profile | Legacy Management |
---|---|---|---|
Allow Factory Wipe | Available | Not supported | Not supported |
Allow Airplane Mode | Available for Android 9 and higher | Available for Android 9 and higher | Not supported |
Allow Ambient Display | Available for Android 9 and higher | Not supported | Not supported |
Allow Configuration of Brightness | Available for Android 9 and higher | Not supported | Not supported |
Allow Configuration of Date, Time and Timezone | Available for Android 9 and higher | Not supported | Not supported |
Allow Configuration of Location | Available for Android 9 and higher | Available for Android 9 and higher | Not supported |
Allow Configuration of Screen Off Timeout | Available for Android 9 and higher | Not supported | Not supported |
Allow Printing | Available for Android 9 and higher | Available for Android 9 and higher | Not supported |
Allow Volume Control | Available for Android 9 and higher | Available for Android 9 and higher | Not supported |
Allow USB Host Storage | Available | Available | Not supported |
Allow Android Beam | Available | Available | Not supported |
Permission Policy | | | Not supported |
Unlimited Past Days of Mail to Sync for Gmail
With this release we extended the Past Days of Mail to Sync option with the value Unlimited, so basically all emails will sync with Gmail with no specific period.
Windows 10
Please find all new Windows 10 Features in Silverback 19.0 Update 2 below.
Custom Profiles
Windows 10 Modern Management is getting more and more important for us and for the market that we are addressing. Upfront we would like to inform you that we will increasingly integrate Windows 10 settings into the product in the coming releases. As a good starting point, in this release we bring a new capability into our product to create a custom profile. This is very helpful if you depend on a new feature that Microsoft releases between any of our Silverback releases. Custom Profiles ensure that you as an Administrator are able to address any missing feature by generating a profile yourself.
Rename Device
For any Windows 10 device you will find a new Item called Rename under Actions. By using the Rename functionality you will be able to remotely rename the current device. After a restart the Device will change the Computer Name to the one you defined here.
macOS
Please find all new macOS Features in Silverback 19.0 Update 2 below.
General Support for macOS Catalina
macOS Catalina as version 10.15 is the sixteenth major release of macOS, the desktop operating system for Macintosh computers. It is the successor to macOS Mojave and was announced at WWDC 2019 on June 3. Catalina is the first version of macOS to exclusively support 64-bit applications. It will be released as a free update in October 2019. This time the system is named after Santa Catalina Island, which is located off the coast of southern California. You can find the list of new features available with macOS Catalina here: macOS Catalina - Features - Apple.
Simple Enrollment
Within this release we added the ability to use Simple Enrollment for macOS and iPadOS. With Simple Enrollment activated, the end user doesn't need to enter the One Time Password when the enrollment is done through the Self Service Portal on the device itself. When your user either opens the enrollment link in the provided SMS or opens the enrollment link directly in the browser, the device will be enrolled directly without the need to enter the One Time Password.
With activated QR-Code enrollment, Simple Enrollment will be activated by default for each platform.
Volume Purchase Program (Preview)
In order to bring the same experience for iOS, iPadOS and macOS we started to bring the Volume Purchase Program for macOS into Silverback. With this release you will be able to synchronize purchased macOS applications via the Volume Purchase Program with the App Portal. This feature acts as a preview because application installation is currently not supported. On your macOS devices you will receive a notification from the App Store that the application is not found, so the application will not be installed. We are currently working together with Apple to make the Volume Purchase Program completely available. So please stay tuned for upcoming announcements.
tvOS
Please find all new tvOS Features in Silverback 19.0 Update 2 below.
tvOS13 General Support
tvOS 13, the newest version of tvOS, introduces some notable changes that make the TV watching experience better than ever. From the Mobile Device Management part, tvOS13 brings a couple of new capabilities along. So, in preparation for tvOS13 we added the following capabilities:
- New Restriction has been implemented
- DEP Skip Setup Items has been extended
  - Tap To Set Up Option
  - Aerial Screensavers
  - TV Home Sync Screen
  - TV Provider Sign In Screen
  - TV Room
New Restrictions
For tvOS in Silverback 19.0 Update 2 we added the following new restrictions.
Settings | Configuration | Minimum Version | Description |
---|---|---|---|
Maximum Level of App Content allowed on the device | | 11.3 | This value defines the maximum level of app content that is allowed on the device |
Maximum Level of Movie Content allowed on the device | | 11.3 | This value defines the maximum level of movie content that is allowed on the device |
Maximum Level of TV Content allowed on the device | | 11.3 | This value defines the maximum level of TV content that is allowed on the device |
Allow Incoming AirPlay Requests | Enabled or Disabled | 10.2 | If set to false, the Apple TV cannot be paired for use with the Remote app or Control Center widget. |
Allow Device Sleeping | Enabled or Disabled | 13.0 | If set to false, the Apple TV will not go to sleep. |
Prevent Listed Bundle IDs from being shown or launchable | e.g. com.netflix.Netflix | 11.0 | Defines a blacklist of applications which will not be shown or launchable on the device |
Allow Only Listed Bundle IDs from being shown or launchable | e.g. com.amazon.aiv.AIVApp | 11.0 | Defines a whitelist of applications which will be shown or launchable on the device |
New Profiles
In addition to new Restrictions for tvOS, Silverback 19.0 Update 2 includes the following new configurable profiles, which give Administrators a more secure way to manage tvOS.
AirPlay Security
The AirPlay Security payload locks the Apple TV to a particular style of AirPlay Security and is located under Profile > AirPlay Security.
Setting | tvOS | Description |
---|---|---|
AirPlay Security | Enabled or Disabled | Enables or disables the profile |
Profile Name | e.g. AirPlay | Defines the profile name |
Access Type | | Any allows connections from both Ethernet/WiFi and AWDL. WiFi only allows connections only from devices on the same Ethernet/WiFi network as the Apple TV. |
Security Type | | Passcode once will require an on-screen passcode to be entered on the first connection from a device. Subsequent connections from the same device will not be prompted. Passcode always will require an on-screen passcode to be entered upon every AirPlay connection. Password will require a passphrase to be entered as specified in the Password key. |
TV Remote
This profile allows restricting the connections from the Apple TV Remote app to an Apple TV and restricting the available Apple TV devices in the Apple TV Remote app. This configuration is supported only on supervised devices. The process is straightforward: navigate to the TV Remote Profile, click enabled and give it a name. Press the + icon to add the MAC address of the allowed remote device. Click OK and press Save.
ChromeOS
Chrome OS is a Linux kernel-based operating system designed by Google. It is derived from the free software Chromium OS and uses the Google Chrome web browser as its principal user interface. Chrome OS primarily supports web applications. Chrome OS has an integrated media player and file manager which supports Chrome Apps, which resemble native applications, as well as remote access to the desktop. Android applications started to become available for the operating system in 2014. In 2016, access to Android apps in the entire Google Play Store was introduced on supported Chrome OS devices. Due to the fact that more and more Chrome OS machines have entered the market, we decided to bring ChromeOS Management to Silverback.
General Support
ChromeOS Management differs from the management of other platforms like iOS, Android, macOS or Windows 10. In general, device configuration is done in the G-Suite Administrator Console, so ChromeOS Management is more of an integration than true management. With this release we have added the possibility to bring your ChromeOS devices into Silverback for a holistic Device Management approach. Managed ChromeOS Devices from G-Suite will be included and displayed in Silverback.
Please check our ChromeOS Integration Guide for further information.
Device Information
After opening Device Information you will have the possibility to Refresh device Information and also get information about Hardware and OS information like Serial Number, Mac-Addresses, Chrome version and more.
Device Actions
Supported Device Actions are:
- Refresh: Force a device check in to retrieve device information
- Block Device: Device will be moved to Blocked in Device Overview
- Delete Business Data: Device will be moved to Checked Out in Device Overview. You will need to provide a reason for the check out action:
  - Upgrading or replacing with a newer model
  - Reselling, donating, or permanently removing
  - Replace with the same model from a repair vendor
- Unblock Device: Device will be moved from Blocked to Managed in Device Overview
Mobile Applications
Companion (Android)
Release Version: 19.0.2.12
- Android Q Support
- Added 7-Day Logging
- Added option to display certificates in Management Console
- New restriction support for Android Enterprise
- Fixes and improvements for background activities
- Fixes and improvements for user certificates
- Fixes and improvements for certificate trusts
- Fixes and improvements for Exchange Active Sync profiles
- Fix for Allow App Store restriction on Samsung