Skip to main content
Matrix42 Self-Service Help Center

Release Notes Silverback 24.0

  1. Last updated
  2. Save as PDF

About This Release

Matrix42 Silverback 24.0 provides new and improved features that have been implemented. During the development of this version, we have been focusing on valued feedback from our customers and partners to provide an ideal feature selection.

Visit the following playlists on the Matrix42 YouTube channel to get a short overview presentation of the major new features: Link to English Video-Playlist | Link to German Video-Playlist.

Build Information

  • Download: Marketplace
  • Initial Build Version: 24.0.0.73

Important Announcements

Firebase Cloud Messaging and new System Requirements

On June 20, 2024, Google is discontinuing the legacy Firebase Cloud Messaging (FCM) APIs that is utilized by Enterprise Mobility Solutions to send push notifications to managed Android devices, so that they can be reached out by the backend server. Google has stated the reasons for this discontinuation to provide a more consistent experience and align with Google security standards to improve security, reliability and performance. In order to comply with this announcement by Google, a new method is being used within this new Silverback version to send messages, also known as push notifications to your managed devices via the new HTTP v1 API version. Overall, this brings several technical improvements in terms of performance, increased security and other benefits. 

Within this new Silverback release, we have implemented a new best practices micro service that will now send one request for multiple devices rather than of one request per device, which will reduce the load on your server. This new micro service requires that you have the ASP.NET Core Runtime Hosting Bundle version 6 installed on your Silverback server, which means that starting with Silverback 24.0, the Hosting Bundle is a requirement to successfully manage Android devices.

All customers who have Apple devices under management are already familiar with it, so if you already have Apple devices under management, no change is required after updating Silverback to version 24.0. All on-premises customers that are managing Android devices, will need to have ASP.NET Core Runtime Hosting installed on their server to avoid any service interruptions after performing the update.

clipboard_e34631c59a0d0a2308b285e337fcdf852.png

Alternative app marketplaces in the European Union

With iOS 17.4, Apple is releasing the new regulations in force in the European Union, the European Union’s Digital Market Act,  in which alternative App Marketplaces needs to be allowed on the operating system level. The DMA aims to prevent large online platforms from acting as gatekeepers, and will go into effect in early March 2024, requiring Apple to allow users to side-load alternative marketplaces onto its platform. With the implementation, Apple has also created opportunities for us as a Mobile Device Management manufacturer to simplify the handling of opening alternative marketplaces for you as a company. This includes the following changes with existing and new restrictions and profiles that are available for supervised devices:

  • The existing restriction Allow App Installation will also prevent installation and use of marketplace apps and marketplace-hosted apps.
  • The existing restriction Allow App Removal will also prevent the removal of marketplace apps and marketplace-hosted apps.
  • The new restriction Allow Marketplace App Installations will prevent users from installing new marketplace apps and marketplace-hosted apps. 
  • The enforced blacklist/whiltelist policy will also apply to use and prevent use of marketplace apps and marketplace-hosted apps.

For additional information about alternative marketplaces, please refer to the official Apple documentation: About alternative app marketplaces in the European Union.

Updates in email templates

In this version, we have worked on optimizing the content of the email templates, in particular improving the positioning of some variables and optimizing some formulations. We therefore recommend resetting all e-mail templates for all languages once after the update. This is particularly helpful for the Policy Violation Alert and Device Roaming Notification Template, as the variables were positioned incorrectly. The templates are not updated automatically to prevent any customizing from being overwritten. If you have not customized the templates, you can reset all templates for all languages without hesitation. In addition, we have solved an issue in this version that caused the emails sent in German and French to be only partially translated. 

New Features

Management Console

Please find all new Management Console related features in Silverback 24.0 below:

Updated Dashboard Warnings

With this release, we have improved self-help so that you can easily keep your business up and running. This means that we have revised the current console alerts related to certificate and token expiration. In the past, the alerts were simply a warning that indicated which certificate or token was expiring and when the expiration date was. Starting with this new release, the new alerts will have a style that shows which certificate is expiring, when it will expire, what will happen if you do not renew the certificate, and an included link to the appropriate knowledgebase article that walks you through the renewal process step-by-step. As most of the certificates and tokens needs to be renewed every year or at least every second year, the updated Dashboard warnings should help you to easily go through the process. In addition, we added a Certificate Request Agent expiration warning, which was not previously available. With this update, we addressed the ideas SVB-I-62 and SVB-I-94.

Certificates

Overall, the following table provides an overview of all existing certificates in Silverback that need to be renewed on a regular basis. On the left are the warnings present in Silverback 23.0 Update 3 and older, and on the right are the newly updated warnings and corresponding knowledgebase links.

Old Warning New Warning
A Signing Certificate with thumbprint 59E91173443A31BC2AFDF2EBF03F32EE31CF7E58 expiry date is 1/3/2022 Your Signing certificate will expire on 1/3/2022. Failing to renew this certificate will cause errors in device enrollments. Please renew your certificate by following the instructions in the Knowledgebase.
A Apple Push Notification Service Certificate with thumbprint 8E93048F9845BDC4EBDB83B0C5954BCCB96F50C1 expiry date is 1/15/2022. Your Apple Push Notification Service certificate will expire on 1/15/2022. Failing to renew this certificate will cause your devices to stop communicating. Please renew your certificate by following the instructions in the Knowledgebase.
A Companion Push Notification Service Certificate with thumbprint 083124283D90487BC50CF4131B05C646EEADA933 expiry date is 10/23/2021. Your Companion Push Notification certificate will expire on 10/23/2021. Without renewing, users will not receive notifications in the Companion app on iOS and iPadOS. Please update your certificate by following the instructions in the Knowledgebase.
A CaClient Issuance with thumbprint E2F1250527C0DA826EFD7CC4A47436442018EFBD expiry date is 7/30/2021. Your Enrollment Issuing CA certificate will expire on 7/30/2021. Failing to renew this certificate will cause failures in deploying certificates on Windows devices. Please renew your certificate by following the instructions in the Knowledgebase.
A EAOAgent Certificate with thumbprint E2F1250527C0DA826EFD7CC4A47436442018EFBD expiry date is 7/30/2021. Your Exchange Enrollment Agent certificate will expire on 7/30/2021. Failing to renew this certificate will cause failures in deploying certificates on Windows devices. Please renew your certificate by following the instructions in the Knowledgebase.
A CEPAgent Certificate with thumbprint B01833B9DD743A188E2954DAF3E0E883F338258D expiry date is 7/30/2021. Your CEP Encryption Agent certificate will expire on 7/30/2021. Failing to renew this certificate will cause failure in deploying certificates on Windows devices. Please renew your certificate by following the instructions in the Knowledgebase.
A Certificate for Modern Authentication with thumbprint B01833B9DD743A188E2954DAF3E0E883F338258D expiry date is 7/30/2021. Your Exchange Protection certificate will expire on 7/30/2021. Failing to renew this certificate will cause failure in handling access to Exchange ActiveSync. Please renew your certificate by following the instructions in the Knowledgebase
n.a. Your Enrollment Agent certificate will expire on 8/4/2021. Failing to renew this certificate will cause failure in deploying certificates to your devices. Please renew your certificate by following the instructions in the Knowledgebase
Tokens

In addition, the following table provides an overview of token expiry warnings related to the Apple Deployment Programs that need to be renewed every year. On the left are the warnings present in Silverback 23.0 Update 3 and older, and on the right are the newly updated warnings and corresponding knowledgebase links.

Old Warning New Warning
VPP token expiry date is 1/15/2022. Your Volume Purchase Program token will expire on 7/21/2023. Failing to renew this token will cause your devices to be unable to license apps from the App Store. Please renew your token by following the instructions in the Knowledgebase.
DEP token expiry date is 8/4/2021. Your Device Enrollment Program token will expire on 8/4/2021. Failing to renew this token will prevent new DEP devices from appearing and they will not be ready for enrollments. Please renew your token by following the instructions in the Knowledgebase.

New Date Formats

Next to the improved self-help mentioned above, we have also added two new date formats that improve the daily use of the Management Console according to your familiar date formats. This should improve your experience, especially if you are in the German-speaking regions or if you prefer the international standard (ISO 8601), which harmonizes formats and ensures accuracy in all situations. You can change the date format by using the settings icon next to your user name in the upper right corner to open the Edit Your Details screen. Changing the date format will update all relevant information in the Management Console to your desired format.

clipboard_ebea84dfaf8ffb5b1557df437f431d78a.png

Expiration dates for Certificate Trusts

Another new feature or improvement in the Management Console in this release is the display of expiration dates for certificate trusts. Addressing the idea SVB-I-61, we have optimized the user interface of the certificate trust configuration in the tags to provide more space for the subject and to display the expiration date of the certificate. The different colors green, red and orange indicate the status. Red indicates an expiring certificate, green indicates a certificate that is still valid, and orange indicates a certificate that will expire within the next 30 days.  All certificates will be sorted by the expiry date and in order to display certificates already uploaded from previous versions of Silverback, a task will run once to update the expiration dates of the certificates. Therefore, you may not see the date of certificates that have already been uploaded immediately after the update. 

clipboard_ea7f08c04fdc32cf4029acfdba99f41ff.png

iOS, iPadOS, macOS

Please find all new iOS, iPadOS, macOS related features in Silverback 24.0 below:

New Restrictions

With the release of iOS 17.2 and 17.4, Apple has included three new configuration options in the form of restrictions. In general, restrictions are easy on/off settings that enhances the configuration options of your managed devices and increases security options. This means with this new Silverback release, you can now configure the following new restrictions: 

  Availability Options Requirements Description
Allow Marketplace App Installation
  • iPhone
  • iPad
  • Enabled or Disabled
  • iOS 17.4
  • iPadOS 17.4
 If disabled, the system prevents alternative marketplace apps from being installed from the web and prevents installed alternative marketplace apps from installing apps. Available in iOS 17.4 and later. Requires a supervised device.
Force Preserve eSIM On Erase
  • iPhone
  • iPad
  • Enabled or Disabled
  • iOS 17.2
  • iPadOS 17.2
 If enabled, the system preserves eSIM when it erases the device due to too many failed password attempts or the Erase All Content and Settings option in Settings > General > Reset. The system doesn’t preserve eSIM if Find My initiates erasing the device.
Allow Live Voicemail 
  • iPhone
  • iPad
  • Enabled or Disabled
  • iOS 17.2
  • iPadOS 17.2
 If deactivated, the system disables live voicemail on the device.

In addition, we enabled the previously named restriction The Maximum Level of TV Content Allowed on The Device for iPhone and iPad devices. The configuration was already available for Apple TV devices in earlier releases and is now also available on the other supported platforms. Furthermore, you can now specify a specific Ratings Region for the content classification. This restriction includes the following regions:  Australia, Canada, France, Germany, Ireland, Japan, New Zealand, United Kingdom, United States

New Skip Setup Items

Within this Release, we extended the Device Enrollment Program General Settings and Additional Profiles with two new items that are supported on macOS and one new item for iOS. On macOS, the Lockdown Mode will skip the Lockdown Mode pane if an Apple ID is set up. The second item for macOS is the Wallpaper Pane, which will skip the Wallpaper setup, beginning with macoS 14.1 and later.

clipboard_ea4a9ec6e591c47d51370ff3dfb8d2657.png

For iOS, you will find also one new additional item, named as Action Button. This option will skip the Action Button configuration pane and is available in iOS 17 and later. Please refer to Action button on iPhone 15 Pro and iPhone 15 Pro Max for additional information. 

clipboard_e37270632cffd32cdcf160da0a3cd0ac8.png

Please note that after updating to this new version of Silverback, all three new options are not enabled by default.

Time Zone Awareness and Configuration

Another new feature in this release is the configuration of time zones for all Apple devices. This configuration is possible on different levels or ways. For managed iOS, iPadOS, and tvOS devices that are supervised, you can set the time zone through a dedicated action that allows you to the configure the desired time in a one-time action. You can also use a policy to set the time zone to the desired zone when a device is checking in. Users can manually change the time zone at any time, as long as the Force date and time automatically restriction is not set. If the Force date and time to be set automatically restriction is set, the time zones cannot be changed through the new action and policy because they will be set by the operating system automatically. This means that if the restriction are enabled, the policy and the time zone change triggered with the new possibilities will be ignored by the endpoints due to the design of the operating system. For macOS devices, this new version offers a new profile where you can specify a time server and the desired time zone. Please refer to Set and configure Time Zones for Apple devices for additional information. 

Extended Passcode Settings

Based on our valued customer feedback, we extended in Silverback 24.0 the passcode settings for macOS devices. This extension includes overall three new options: 

Setting Options Requirements Description
Change at next Auth Enabled or Disabled macOS 10.13 By enabling, the system causes a password reset to occur the next time the user tries to authenticate.

If this key is set in a device profile, the setting takes effect for all users, and admin authentications may fail until the admin user password is also reset. In the current design, user approved enrollments will receive the profile in the user scope. Devices enrolled via DEP will received the profile in the device scope.

In addition, please note that if this setting is enabled and the profile is installed on the device, any subsequent change within the profile will result in a reset of the profile on the device, which by protocol design is considered a new installation and will force users to change their password. Thus, any change to a passcode profile that has Change on next Auth enabled will result in users being prompted to change their passwords, so please choose your settings carefully before enabling this option.
Maximum Failed Attempts 2-11   Configures the number of allowed failed attempts to enter the passcode at the device’s lock screen. After six failed attempts, the system imposes a time delay before a passcode can be entered again. The delay increases with each attempt. You can use the Minutes Until Failed Login Reset option to define a delay before the next passcode can be entered. When this number is exceeded in macOS, the system locks the device. The default value for Maximum Failed Attemps is 11.
Minutes Until Failed Login Reset e.g. 60 macOS 10.10 Defines the number of minutes before the system resets the login after the maximum number of unsuccessful login attempts is reached

Android Enterprise

Please find all new Android Enterprise related features in Silverback 24.0 below:

New Profiles in Companion

Starting with Companion version 24.0, the Profiles menu item provides you as an administrator or your users with additional information about the configuration applied to the device. First, the installation date of the profile is now displayed for new or updated profiles. In addition, 3 more profiles are now displayed in the overview. These include the display of installed Certificates with the root, intermediate, identity, user and VPN certificates. Various certificate attributes are displayed in the detailed view. The detailed view of the Passcode Settings shows the configurations set for the passcode policy, and the System Update profile now shows the setting set by you as the administrator. In addition, the displayed profiles are now shown in alphabetical order. 

Screenshot_20240307-172723_framed.png Screenshot_20240307-172715_framed.png Screenshot_20240307-172707_framed.png

New Improvements

Please find all new improvements in Silverback 24.0 below.

Management Console

  • Fixed an authorization issue on Self Service Portal logins
  • Fixed an issue while pressing Save or Save & Close in Computer Objects policy
  • Fixed an issue with not working Multiple Actions button while using the select all devices option 
  • Improved SQL Connection Error warning
  • Updated labels for Custom Variable Notes when adding a new Device User
  • Added several missing German and French translations in the Management Console and Dashboard Exports
  • Fixed the tooltip for Force Set Date and Time Automatically on German and French
  • Added missing second level navigation when selecting Bulk Provision Users
  • Added missing highlighting in second level navigation under Pending when selecting any provisioning method
  • Adjusted the position of checkboxes for App Management options in the App Portal to fit French translations
  • Fixed an issue with the Provision Users option for local (non-LDAP) Super Helpdesk users
  • Fixed an issue with incorrect counting of existing Console warnings
  • Fixed an issue where the encryption type for macOS Wi-Fi profiles was presented as an enumerated value in Tags
  • Fixed an issue with not translated subjects and body parts of E-Mail Templates

Android Enterprise

  • Updated Push Notifications protocol from the Legacy HTTP Protocol to HTTP v1 API  
  • Added support for automatic permission granting for enterprise applications on older OS versions
  • Added a user friendly information in Companion when profile list is empty
  • Fixed an issue with WPA Enterprise certificate distribution on Samsung Knox devices
  • Fixed an issue with installing root and intermediate certificates when they are the same for Wi-Fi and VPN and Apps credential stores
  • Improved the request hash parameter check for Google Play Device Integrity integrity tokens

Apple Management

  • Fixed an issue where in rare cases devices moved to checked out after the enrollment with the username Pending...
  • Refactored the Apple Push Notification Services to reuse the HttpClient
  • Fixed a typo in the display name of the Restriction profile on macOS
  • Fixed an issue while pressing Save or Save & Close in Computer Objects Policy
  • Dates and time stamps in the DEP and VPP sections are now displayed according to the selected language and date format
  • Added profile signing for custom profiles
  • Added possibility to upload and distribute already signed custom profiles
  • Fixed an issue with installing applications to User Enrollment devices
  • Added the amount of device-based assigned licenses for the device to the Device Overview
  • Added managed Managed Apple ID column to the Users section in Volume Purchase Program details
  • Added missing unassign license operation while executing Factory Wipe
  • Added logging for installation failures on User Enrollment devices to the Volume Purchase Program section when detailed logging is enabled
  • Fixed an issue where deleted Enterprise applications for macOS were not set to inactive in the database
  • Added the VPP Operation Mode information (read only) into the Deployment Options for Volume Purchase Program apps into Tags
  • Fixed an issue where macOS devices would not show up in the Devices section if the device reported itself with the Model Name "Laptop"
  • Extracted the Passcode Profile from the Restriction Profile on macOS devices. After updating to this version, both Profiles will be automatically reinstalled
  • Prevented the Passcode Profile from being reinstalled while assigning or unassigning Tags. The profile will only be reinstalled after changes has been made to it

Service Bus

  • Fixed an issue with the Service Bus Listener service that is not processing received messages
  • Fixed an error about an invalid connection string after disabling and re-enabling the Service Bus in the Web Settings
  • Added Connection check for RabbitMQ 
  • Connection checks can now be performed before saving connection settings
  • Finished Service Bus Messages and Message Actions are now preserved in the database according to the set Log retention period

SQL

  • Added a daily task to delete inactive files from table dbo.Files to reduce database size

New Changes

  • Removed Apple Push Notification Service certificate not found configured warning
  • Removed several tooltips from Skip Setup Item list
  • Renamed Force Verify Apps restriction to Allow User to disable Scan apps with Play Protect
  • Renamed The Maximum Level of App Content Allowed on The Device restriction to Maximum Age Rating For Allowed App Content and moved it to the supervised section
  • Renamed The Maximum Level of Movie Content Allowed on The Device restriction to Maximum Age Rating For Allowed Movie Content and moved it to the supervised section
  • Renamed The Maximum Level of TV Content Allowed on The Device restriction to Maximum Age Rating For Allowed TV Content and moved it to the supervised section
  • Moved recently added macOS 14 modification restrictions from Sharing group to System Settings
  • Changed the possible passcode setting values for Maximum Failed Attempts on iPhone, iPad, and iPod from 4-16 to 2-11. If values greater than 11 were selected, these are automatically migrated to the new maximum value.
  • Changed passcode settings field type for Maximum Failed Attempts on Windows from drop-down list to numeric input. After the update, current set values will be migrated and values from 0-999 can now be entered. 
  • Changed German translation for supervised Apple devices from supervised to "betreut" to conform to Apple standards
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
    Stage
    Review
  2. Tags
    This page has no tags.