Skip to main content
Matrix42 Self-Service Help Center

Release Notes Silverback 25.0

  1. Last updated
  2. Save as PDF

About This Release

Matrix42 Silverback 25.0 provides new and improved features that have been implemented. During the development of this version, we have been focusing on valued feedback from our customers and partners to provide an ideal feature selection.

Visit the following playlists on the Matrix42 YouTube channel to get a short overview presentation of the major new features: Link to English Video-Playlist | Link to German Video-Playlist.

Build Information

  • Download: Marketplace
  • Initial Build Version: 25.0.0.28

New Features

Multifactor Authentication for System Users

With this release, we introduce Multi-Factor Authentication (MFA) for accessing the management console, providing administrators with an additional layer of security beyond just a password. This feature ensures sensitive data and administrative functions are protected by requiring an extra verification step for authorized access. This feature is the most wanted idea SVB-I-109 from our ideas portal, and we deeply value the feedback. The MFA implementation allows SMS or email as the communication channels for generating and sending verification codes. In the future, we may introduce additional authentication factors for even more secure access. Administrators also have the ability to force MFA for specific system users or roles, providing more control over security settings. If MFA is not forced, system users can enable it on a per-user basis. Furthermore, you can customize the text in both the SMS and email notifications to suit your needs. For additional information, please refer to Multifactor Authentication for System Users.

   
clipboard_e7c174848311173a453fc90bfe0cb40ee.png clipboard_e06cafe4c148904d0db1759aabe01624a.png

Authentication with the Self-Service Portal during Automated Device Enrollments

The Device Enrollment Program (DEP) is designed to streamline the deployment and management of Apple devices by automating their enrollment into a mobile device management solution, ensuring consistent configuration and security settings. In our system, the authentication process for enrolling a device through the Device Enrollment Program has always been based on usernames and passwords or usernames and one-time passwords. While both methods worked very well in the past, especially for local and LDAP users, it was a bit of a challenge when an Identity Provider (e.g. Microsoft Entra ID) was in place. Since the passwords are unknown to the system in the process, the only way for users to authenticate and successfully enroll the device with the Device Enrollment Program was the username and one-time password option, which in most cases required the use of a second device to generate the one-time password through the self-service portal.

Starting with Silverback 25.0, we are introducing two new major features for the Device Enrollment Program. The first is related to idea SVB-I-165 and introduces Device Enrollment Program enrollment in conjunction with the Self-Service Portal. Technically speaking, the device opens a configuration_web_url during setup that represents the Silverback Self-Service Portal in a web view to authenticate the user and initiate the download of the enrollment profile. This improves the user experience for enrollments with local Device Users, Active Directory accounts and Identity Providers.

For example, if you have an identity provider, you can enable direct forwarding from the Self-Service Portal to your identity provider. This ensures that users are presented directly with their regular authentication process, and once authenticated, users only need to press Start to complete enrollment without the need for a second device. If you are using LDAP accounts, you can still use the old approach with usernames and passwords or you can switch to the new method and new users will authenticate in the web view with their credentials as shown in the screenshot above to complete the enrollment process.

clipboard_ee4ba605b26c2f729d77103578e79e3c8.png

Per-Profile Authentication Methods for Automated Device Enrollments

For the second major feature in this release for the Device Enrollment Program, we have addressed SVB-I-122  by improving the flexibility of configuring the authentication process for DEP devices. Previously, when enrolling a device on behalf of a user, you might have had to toggle the global authentication setting methods back and forth between username and password or username and one-time password authentication. Starting with Silverback 25.0, you now have the ability to set authentication settings at the profile level. This ensures that, for example, you can keep the Username and Password (or the new SSP option) authentication method in your default profile as the default option, and whenever you need to enroll a device on behalf of a user, you can use an additional profile, set or switch the authentication method to Username and OTP, assign the profile to the device, and create the one-time password from the Management Console to complete the enrollment.

   
clipboard_e8e6bba02d74fcac7dd0f2a4ee2be337e.png clipboard_eeb64a65e4e4f137485c8033196fe119a.png

Enhanced key user touch points including new branding and customization options

Another key area of focus in this release was to enhance key user touch points across the management experiences, so that your users enjoy a smoother and more visually appealing experience while enrolling devices. The first wave of enhancing key user touch points includes the following key optimizations: 

  • An updated default logo has been added, and you can now change it to your own logo, which will be displayed on the login pages (and other places) for users and administrators.
  • The activation endpoint, where users enter their username and one-time password, now features an updated design, and a custom background image can be uploaded.
  • The "Thank you for enrolling with Matrix42 Silverback" page, which appears after a profile download, now features an updated design with two separate, customizable text boxes, a color picker for text color, and displaying the custom activation background image.
clipboard_e4373da33790b7ed06175a5fcddab22e7.png clipboard_e55bb87061141bb96eb8b5f2c319ac70b.png

New Improvements

Please find all new improvements in Silverback 25.0 below.

Management Console

  • Added additional debug information to external provider validation when Write detailed logs for STS is enabled.
  • Added Device Name information to the Hardware and OS Devices summary exports to address idea SVB-I-177.
  • Improved the search in the Users section and also fixed an error when searching for emails.
  • Fixed the application feedback disabled message while adding a new App Store application and using the App Config option.

Apple Management

  • When editing an additional Device Enrollment Program profile, the profile will now be automatically re-assigned to all already assigned devices.
  • When assigning a Tag to macOS devices, from now on only changed profiles will be re-installed. In earlier versions, a new Tag assignment was followed by re-installing all profiles, even when they were no change made. This logical inconsistency in the logic has been resolved with the exception of Privileges Profile.
  • Fixed an issue with a wrong key used for Allow Passcode Modification restriction.
  • Fixed an issue where the Install Enterprise Application command was queued instead of Install Application for VPP applications with XML configuration.
  • Fixed an issue  where devices were checked out by sending the DC1 (0x11) signal, most likely caused by proxy or firewall injection into the data stream.

Android Enterprise

Companion:

  • Improved Background services for compatibility with Android 14+ devices
  • Installed certificate list now includes color-coded expiration status: orange for certificates expiring within 30 days, red for expired certificates.
  • A periodic check of installed Web Clips has been added. If a user removes a Web Clip, Companion will now periodically identify missing Web Clips and notify the user to reinstall them while previously, a refresh was required to reinstall Web Clips.
  • Fixed an issue with the background service responsible for periodically checking available commands
  • Fixed an issue related to first open Companion from QR code

Server:

  • Firebase Cloud Messaging Push Notifications are now only send to Managed, Blocked or Pending Devices.

Windows 10/11

  • Fixed an incorrect showing certificate store when selecting the Issuing CA certificate in Certificate Profile.
  • Fixed an issue at the Enrollment Server, causing a OTP does not match error while enrolling devices with Provisioning Packages.

Security

  • Replaced DotNetZip 1.16 with System.IO.Compression.

Service Bus

  • Fixed an issue with not closing connections after sending messages which led to an increase of resource consumption 

SQL

  • Reduced the amount of SQL queries in the GetRestrictions endpoint in Samsung Knox Controller.
  • Increased the Command Timeout for SQL queries from 2 to 5 minutes.
  • The performance optimization mode is now enabled by default which should improve views and file downloads to devices.

Knowledgebase 

The following new Knowledge Base articles has been added:

New Changes

  • The Self-Service Portal configuration section under Admin has been renamed to User Experience and is now categorized into Branding, Self-Service Enrollment, One Time Passwords, and Simple Enrollment.
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
    Stage
    Final
  2. Tags
    This page has no tags.