Release Notes Silverback 22.0 Update 2
About This Release
Matrix42 Silverback 22.0 Update 2 provides new and improved features that have been implemented. During the development of this version, we have been focusing on valued feedback from our customers and partners to provide an ideal feature selection.
Important Announcements
Google Play EMM API Deprecation
Google has deprecated parts of its Google Play EMM API that Enterprise Mobility Solutions uses to provide Android Enterprise management features. The deprecations include methods for app approvals, listing applications in the Managed Play store and installing applications. To guarantee the best possible Android management experience, we updated the API within this release, and it is required, to install this Silverback version until Google's deadline 31.03.2023.
In general, your users won't recognize any visible changes and the most recognizable change for Administrators is that App approvals for saving Managed Play applications into Silverback aren't needed anymore. You can add now Managed Play applications from the Google iFrame and after pressing save, the application approval screen will not appear anymore. There are also technical changes in the background in assigning and installing applications to target devices without any noticeable change in the experience for administrators or users.
Within Silverback 22.0 Update 2, all relevant Google Play EMM API methods were updated to the recommended alternative. Please note that Google planned to disable the deprecated APIs until 31.03.2022 and in case you won't update Silverback until the deadline, several Managed Play store features won't work anymore.
Post-Update Task for Cloud Connector
According to an updated version for the Newtonsoft library in this Silverback version, an upgrade of your current Service Configuration for your Cloud Connector services (if in use) is required to align the Newtonsoft version after updating to the Silverback and Cloud Connector 22.0 Update 2 version.
Updating the service configuration file can be done very easily in a few manual steps, as described in the following article: Post-Update Task for Cloud Connector 22.0 Update 2
Overview
New Features
Android Enterprise
iOS, iPadOS, macOS
Unified User Experience
New Improvements
New Changes
New Features
Android Enterprise
Please find all new Android Enterprise related features in Silverback 22.0 Update 2 below.
Single App and Multi App Mode
One common use-case for managing mobile devices with Android Enterprise is to run them as dedicated devices that serve a specific purpose. These devices were formerly called by Google as corporate-owned single-use, or COSU (Android Enterprise - Key Terms) devices and are used in special employee-facing (Inventory management, filed service management, transport and logistics) and customer-facing (Kiosks, digital signage, hospitality check-in) scenarios. With Silverback, you can assign a Single App Mode profile to device owner devices to achieve the single-use mode for your managed devices, which is also commonly named as kiosk mode. In earlier Android versions, the app that should run in the single-use mode, also technically called as Lock task mode, must already support to start its own activity in lock task mode what often led to confusion. Luckily, on newer Android devices are allowing the DPCs (Companion) to start any app's activity into lock task mode, which provides now a much better usage of the Single App Mode that allows to use any application to run in a Single App Mode. To target this capabilities, we added and improved within this release the Single App Mode Profile and extended it with the option to define additional allowed application identifiers to achieve a Multi Application Mode. In addition, we added several Kiosk Feature to customize the User Interface for your target audience. For additional information, please refer to Single App and Multi App Mode on Android Enterprise.
All new improvements and features for Single App Mode requires Companion Version 22.0 Update 2 running on the target devices.
Usually, when an app runs in lock task mode, the status bar and the Home and Overview button are hidden, and other apps can't launch new activities. Also, the lock screen (if set) is disabled. Beginning with Android 9, Google offers several options to customize the system user interface for devices running in the Lock task mode and we added them within this Release. The following System UI features can now be enabled or disabled for the Single App Mode Profile:
|
System UI feature |
Description |
|---|---|
| None | Disables all the system user interface features listed below. |
| Home Button | Shows or hides the Home button. Enable this option for custom launchers and please note that tapping an enabled Home button in general has no action unless you allow list the default Android launcher. |
| Recent Apps | Shows or hides the Overview button which opens the Recents screen after tapping. To activate this setting, the Home button must be enabled. |
| Notifications Area | Enables or disables notifications for all apps. This shows or prevents notification icons in the status bar, heads-up notifications, and the expandable notification shade. To activate this setting, the Home button must be enabled. Please note that tapping notification actions and buttons that open new panels, will not work while in kiosk mode. |
| Global Actions | Enables or disables the global actions dialog that shows when long-pressing the power button. By having this setting enabled, users are allowed to, for example, switch off or restart the device with the Global Actions dialog. Please note that even with disabled Global Actions, users still can force a restart on devices with e.g, holding the Power Button on Google Pixel 4a for about ~10 seconds. The execution process to force a restart, hard restart or reboot may differ from the operating system and/or hardware vendor. |
| System Status Bar | Enables or disables the status bar’s system info area that contains indicators such as connectivity, battery, and sound and vibrate options. |
| Keyguard | Enables any lock screen that might be set on the device. Please note that this is typically not suitable for devices with public users such as information kiosks or digital signage. If a lock screen has been set on the device, either manually or via a profile, disabling Keyguard will be suppressed until a reboot has been made. After rebooting, the lock screens needs to be unlocked once. |
New Restrictions
With the introduction of Android 13, Google offers new device configurations which are designed for controlling Wi-Fi specific actions and options on Android Enterprise managed devices. With Silverback 22.0 Update 2, we've implemented them, and you will find now 6 new restriction in the Restriction profile and two new options (MAC Address Randomization and Trust on First Use) in the improved Wi-Fi profile configuration (see below). In general, these new restrictions help you to control if users are allowed to add or share Wi-Fi configurations and to switch the Wi-Fi state or to use the Wi-Fi Direct or Wi-Fi Tethering features. On top, you can define the Minimum Wi-Fi Security Level to prohibit devices from connecting to networks that do not meet your defined minimum level of security.
| Restriction | Availability | Options | Requirements | Description |
|---|---|---|---|---|
| Network & Connection | ||||
| Allow Adding new Wi-Fi Configurations |
|
|
|
Specifies if a user is disallowed from adding a new Wi-Fi configuration. |
| Allow Modify Wi-Fi State |
|
|
|
Specifies if a user is disallowed from enabling or disabling Wi-Fi. Even if the user manages to put the device in airplane mode, the device remains connected. |
| Allow Sharing Wi-Fi for Admin Configured Networks |
|
|
|
Specifies if a user is disallowed from sharing Wi-Fi for admin-configured networks. |
| Allow Wi-Fi Direct |
|
|
|
Specifies if a user is disallowed from using Wi-Fi Direct. |
| Allow Wi-Fi Tethering |
|
|
|
Specifies if a user is disallowed from using Wi-Fi tethering, including existing control tethering. |
| Minimum Wi-Fi Security Level |
|
|
|
Prohibits devices from connecting to networks that do not meet a minimum level of security. |
New Settings for Wi-Fi Profiles
Within this release, we extended the configuration of Enterprise networks and improved the configuration wizard for Android and Samsung Knox devices. As a result, several new options like the MAC Address Randomization control, a new EAP Method, new options for Phase Authentication and new Trust settings for newer Android version are available. In addition, we polished and improved the user interface, and you can now also use a static username and password for the EAP authentication settings. Overall, the following updates were made for Wi-Fi Profiles:
- General Settings
- WPA3 names has been added to Security Types
- Password fields are now hidden if Enterprise types are selected
- MAC Address Randomization options (not supported for Samsung Knox) can now be configured with the following options:
- None, Persistent, Non Persistent, Auto
- Proxy Settings
- Proxy Exclusion List supports now multiple entries and has been extended with a tooltip
- Protocol Settings
- EAP Type has been renamed to EAP Method
- TTLS Identity has been renamed to Phase 2 Authentication and is placed now under Protocol settings
- PWD option has been added as EAP Method
- None option for Phase 2 Authentication has been added
- Phase 2 Authentication is now also available for EAP-PEAP with the following options:
- MSCHAPv2, GTC, SIM, AKA, AKA PRIME (AKA')
- Authentication Settings
- Authentication Settings headline has been renamed to Identity and Password
- Anonymous Identity is added and will be used for merged for Outer Identity
- You can configure now a static Username and Password for the Authentication
- Trust Settings (not supported for Samsung Knox)
- Domain Field option is available for Android 11+ devices
- Trust on First Use option is available for Android 13 devices
iOS, iPadOS, macOS
Please find all new iOS and iPadOS related features in Silverback 22.0 Update 2 below.
Mail Drop Configuration
With Mail Drop, users can send large attachments up to 5 GB to anyone via email using Mail Drop. This feature is built right into the Mail app on Apple devices and most email services have a maximum attachment file size limit. As an example, Gmail will ask users to upload attached files that exceeds 25MB, to upload the file to Google Drive and sent instead of the attachment, a link to the recipient for downloading the file from Gmail. Similarly, when users trying to upload big files like videos, PDFs, Power Point Presentations, ZIP, or other larger files that exceeds Internet Service Provider (ISP) limit, Mail will ask the user to send the attachments using Mail Drop. By default, Exchange ActiveSync and Email profiles that are configured and distributed in the past via Silverback to managed devices, had Mail Drop by default disabled. With Silverback 22.0 Update 2, you can now simply allow the usage of Mail Drop for users within both profiles on iOS, iPadOS and macOS devices by enabling the Allow Mail Drop option. For additional information about Mail Drop, please refer to the following links:
New Skip Setup Items
Within this Release, we extended the Device Enrollment Program General Settings and Additional Profiles with three new Skip Setup Items. This includes to skip the App Store, the iMessage, and the recently released Terms of Address pane during the enrollment with the Device Enrollment Program.
| Setup Item | Description | Availability |
|---|---|---|
| AppStore | Skips the App Store pane. |
|
| Messaging Activation Using Phone Number | Skips the iMessage pane. |
|
| Terms Of Address | Skips the Terms of Address pane. |
|
Quick Language and Region Selection
In previous Silverback versions, the Language and Region configuration for devices enrolled with the Device Enrollment Program was based of adding a language designator and an ISO 3166-1 standard, two letter, capitalized code. Within this release, we wanted to make the configuration easier and as a result you can now simply select the desired the Language and Region from a drop-down list in the Default Profile and in Additional Profiles section. In addition, we updated the tooltip as both configurations are supported on macOS (beginning with macOS 11) and tvOS.
Unified User Experience
Please find all new Unified User Experience related features in Silverback 22.0 Update 2 below.
New enrollment and security information
We extended in Silverback 22.0 the device information for macOS and Android Enterprise devices with specific enrollment and security information in the Silverback Management Console. The new information will be with Silverback 22.0 Update 2 also transferred via the Service Bus and will be presented in the device preview with new Unified User Experience version, which will be released some time after Silverback.
| Information category | Information | Supported Platform |
|---|---|---|
|
Enrollment Information |
|
macOS |
| Security Information |
|
macOS |
| Security Information |
|
Android Enterprise |
New Improvements
Please find all new Improvements in Silverback 22.0 Update 2 below.
Management Console
- Fix for incorrect Resultant Tag Link for OS Version Compliance for all platforms. The following links were forwarded by accident to APN instead of OS Compliance:
- Alert Administrators
- Automatically Approve New OS Version
- Added notification about Clear Passcode request has been sent successfully
- Fixed an issue when editing App Deployment options in a Tag causes sending the InstallApplication command for each device and type in the Tag
- Fixed an issue where API Token generation finishes without updating the user interface and a browser refresh was required to view the token
Apple Management
- APNSSender now uses only TLS 1.2 and TLS 1.3 protocols
- Reworked and improved the UI of Exchange Profiles
- Fix for Safari Autofill Restriction
- Fix for showing Invalid custom email address when using uppercase letters in Exchange Profiles
- Extended field length in database for the Organization Name in Device Enrollment Program
- Removed the following iPhone device type duplicates in Hardware Compliance
- 4S 16GB
- 5C 16GB
- 6 16GB, 6 64GB, 6S 16GB, 6S 32GB, 6S 64GB
- 7 128GB, 7 256GB, 7 32GB
- 8 256GB, 8 64GB
- X 256GB, X 64GB
- Merged the following iPhone device types in Hardware Compliance
- 6s Plus 32GB to 6S+ 32GB
- 7 Plus 32GB to 7+ 32GB
- 8 Plus 64GB to 8+ 64GB
- Added tooltip for deprecated restrictions on macOS
- All restrictions inside Sharing group and
- Require Admin Password to Install or Update Apps
Android Enterprise
- Added high priority flag for messages via Firebase Cloud Messaging
- Fix for obsolete Install Application command send to Companion for Managed Play apps
- Removed Android Enterprise Fun Restriction from Payloads
- Added validation for App Identity field for Managed Play apps
- Fix for adding multiple Managed Play Apps with the same Bundle Identifier to the App Portal
- Fix for App Management Constraints for Managed Play apps
- Several improvements are made for the Device Type List
- Fixed model description for SM-M215G and SM-M215G/DS from Galaxy M31 to M21 2021
- Changed platform for SM-M315F (Galaxy M31) from Samsung Knox to Android
- Changed description for SM-J320F from Galaxy J3 to Galaxy J3 (2016)
- Changed several description from SM-JXXXX models from Galaxy J3 to J3 (2016), J3 (2017), J3 Pro, J3 Pop
- Changed the platform from Android to Samsung Knox for the above-mentioned models
- Fix for missing IMEI and ICCID in device overview
Companion
- Support for new restrictions in Android 13
- Support for Multi App Mode and several improvements for Single App Mode
- Support for new options for Wi-Fi Profiles including several improvements
- Added Error Chain for installing Wi-Fi Networks
- Commands will now executed faster during enrollments
- Improvements for installing and removing certificates
- Fixed an issue while granting special permissions for enterprise apps
Knowledge Base
The following new Knowledge Base articles has been added:
Changes
- Changed Publisher Information from Matrix42 AG to Matrix42 GmbH for Installers
- Changed Company Name from Matrix42 AG to Matrix42 GmbH in EULA
- Changed help and support link in Programs and Features Control Panel
- Updated Cloud Connector Config Generation Tool to use updated Newtonsoft version
- Updated Silversync for updated Newtonsoft version