Skip to main content
Matrix42 Self-Service Help Center

Release Notes Silverback 19.0 Update 2

About this release

Matrix42 Silverback 19.0 Update 2 provides new and improved features that have been implemented. During the development of this version, we have been focusing on valued feedback from our customers and partners in order to provide an ideal feature selection.

Please find the installation files of this version on Matrix42 Marketplace

System requirements, instructions for installation and update as well as for basic configuration are available in the Matrix42 Help Center.

Overview

Before you start

  • Please note that this Release requires on Android and Samsung Safe devices the newest Companion (19.0.2.12) version to work properly.

Deprecations

  • Windows Server 2008 R2 is not supported on this Release
  • Windows Phone 8 has been removed
  • Divide Email client has been removed

Improvements

  • Added new API Call for a personal enrollment type
  • Policy Violation Emails now includes device serial number in Subject
  • Managed application list is now shown as a separate item under Actions
  • Updated User Interface for Certificates
  • Security Patch Level is now visible for Blocked Devices Tab
  • OS Update column is now available for Blocked Device Grid
  • Clear Delta Token for Volume Purchase Program License Information
  • Changed column sizes for Blocked devices for preventing vertical scrollbars
  • Added M42Documents Silversync BundleID
  • Removed ability to change application type after adding to App Portal
  • Windows 10 Clean PC action has been renamed to Clean
  • Replaced empty value for EAP Type dropdown to "None" for Samsung Safe and Android Wi-Fi profiles
  • Added tooltip to Android Beam restriction
  • Added new column for Device Owner under Devices
  • Added possibility to display 50 and 100 Tags
  • Added ability to search for Application Type when assigning Apps to a Tag
  • Ability to factory wipe personal devices has been removed at all
  • Used Apple ID for APNS Certificate is now required and will be displayed
  • Used Google Account is now shown after Android Enterprise activation
  • Device Enrollment Program sections displays now Expiration Date of DEP Token
  • Display Choose File is shown next to DEP Token
  • AppleTV is now enabled by default
  • Managed App Configuration is now queued in Companion
  • Companion logs activities now per default for 7 days 
  • After adding a device to a Tag an instant Push Notification will be send to the device
  • Azure AD has been moved from Settings Administrator to Administrator
  • Azure AD has been renamed to Azure Active Directory
  • Select All Devices function for attaching devices is now available
  • Added ability to find device by ID in attach device to tag window
  • Added Ability to search by "Assets Id" for Volume Purchase Program Assets
  • Certificates under Licenses has been moved to Certificate sections under Admin
    • Redundant Information has been removed
  • Pointless Default Email Template has been removed 
  • Descriptions for Managed Play apps are now optional 
  • We detect now a missing description before we upload the Enterprise Application
  • Added Tooltip for Managed Account activation for Managed Profile
  • Security Patch Level is now visible for Blocked Devices Tab
  • Changes in App column sizes in Tags will not affect App Portal view
  • Added tooltip to Android Beam restriction
  • Added 12 new devices models
  • Gmail and Samsung Mail as Managed Play application will be automatically installed as first
  • Changed Subject Alternative RFC822 Name from Username to Computer for Computer Objects
  • Queue Device Inventory on Companion Checkin is now activated by default

Minor Changes

  • More Button has been renamed to Actions on Device Overview
  • Lock action name is changed for Wipe to Factory Wipe
  • Enterprise Packages has been macOS renamed to Enterprise
  • Android Enterprise Activation settings has been renamed
  • Default columns has been adjusted
  • Renamed OSX device type to macOS
  • Windows 10 Clean PC action has been renamed to Clean
  • Windows 10 Pending Commands default search has been change to Command Type
  • Renamed Allow dictation to Allow Dictation

Fixes

  • Fix for needed multiple clicks for Self Service Portal Login for iOS13 and iPadOS13
  • Fix for Manage Config on Android Enterprise and iOS
  • Fix for not delivered Exchange Profiles on Android Enterprise
  • Fix for Certificate Trust on Android
  • Fixed missed device types displaying for Certificate Trust section
  • Fixed Remove Certificate error for Work Profile 
  • Fix for disable Certificate Trusts will not delete certificate from device
  • Fixed certificates installation and removal issue for Android devices
  • Fix for Certificate Trust and Managed Profiles dependency
  • Fix for Computer Account Creation when Hardware Authentication is used with predefined labels
  • Fix for displayed Passwords in Audit Logs
  • Fix for Clone Tag Functionality
  • Fix for Direct Forwarding Issue after first activation for Authentication Providers
  • Fix for customized columns in FlexiGrid
  • Fix for incorrect data in Resultant Tag for Managed Profile
  • Fix for Tag Title is missing at Single Sign On and Web Content Filter configuration for iOS
  • Fix for Security Patch Level information is shown for iOS devices
  • Fix for Allow App Store Restriction on Samsung Devices

New Features

General

Please find all new general in Silverback 19.0 Update 2 below.

New Tag Auto Population options

In this release we have added two new Auto Population values which will give Administrators more flexibility. The first on Serial Number where you can assign a Tag to a specific Serial Number, e.g. for testing scenarios or special needs of any other user. The second and more effective one is the Auto Population to Device Owner Mode devices. Bringing this Key into the product will give the ability to use for three management methods: Legacy Management, Device Owner and Work Profiles Tags with enabled Auto Population. 

19.0.2_01.png 19.0.2_02.png
Single Serial Number Device Owner

Lockdown action delete business data

We have also implemented the possibility to use Delete Business Data for Policy Lockdown actions. With this enabled non-compliance action devices will be removed from the management and will loose the connection to Silverback and needs to be re-enrolled after the security violation has been solved. 

19.0.2_03.png

Variables for Exchange Active Sync Configuration Label

In Silverback 18.0 we added the possibility to add more than one Exchange Active Sync Account into one Tag  with pre-defined account information. Based on a valuable Feedback in our Idea Portal we extended the usability of this feature in the way, that you can now use in the Label field variables, which makes it now clearer which mailbox is hidden behind the mail profile name. Especially if more shared mailboxes are included.

Instead of adding a name like Outlook into the Label field, use any of the available Silverback System Variables.

19.0.2_04.png

This new feature is supported on the following Platforms.

Platorm Supported
iPhone Yes
iPad Yes
macOS Yes
Android  No, Gmail doesn't support predefined account names
SamsungSafe Yes,  with Samsung Mail
Windows 10 Yes

Certificate Picker for Certificates 

To improve the usability of the Silverback Management Console and to provide faster setup for fresh installations, with this release we say goodbye to copy and paste thumbprints into the Console. Each certificate selection now supports a certificate picker with a drop down list to easily select the required certificate. This includes the following fields: 

  • Agent Certificate in Tags for Wi-Fi Profiles
  • MDM Payload Certificate under Settings Admin
  • Windows 10 Certificate Enrollment Issuing CA under Settings Admin
  • Windows 10 CEP Encryption Agent under Settings Admin
  • Windows 10 Exchange Enrollment Agent under Settings Admin
  • Web Settings Certificate under Settings Admin

LDAP Connection Check

In addition to the easier setup with the Certificate Picker we also added the ability to check the LDAP connection. The button is placed under Settings Admin > LDAP and is based on the following values:

  • LDAP Type (AD is supported)
  • LDAP Server
  • LDAP Lookup Username
  • LDAP Lookup Passwords

These fields are mandatory and can be checked with pressing the save button. If the LDAP Authentication is successful the message "The LDAP Server is available" is shown, otherwise you will receive the response false with "The LDAP server is unavailable". 

19.0.2_26.png 19.0.2_27.png

SMTP Test Button

With the new Send Test Message Button under Settings Admin, Administrators now have the possibility to quickly send a test message to any recipient and can check if the SMTP settings are correct.

Silverback takes the settings directly as they are, there is no need to save settings before sending a message. 

19.0.2_05.png

iOS

Please find all new iOS Features in Silverback 19.0 Update 2 below.

General Support for iOS13 

Apple has introduced the newest version of its iOS operating system, iOS 13, on the 3rd of June at the keynote event of the 2019 Worldwide Developers Conference. iOS 13 is a big overhaul to iOS, with a long list of new features which are mostly addressed to non business related topics. You can find the list of new features available with iOS 13 here: iOS13 -Features - Apple.  

19.0.2_11.png

Preparing for the release of iOS13 we have added the following capabilities

  • Shortcuts has been added Application Blacklist / Whitelist for supervised devices
  • DEP Skip Setup Items has been extended
    • Keyboard Pane
    • Express Language Setup
    • Preferred Language Order
    • Get Started Pane
  • New Restrictions has been implemented
  • User Enrollment is supported
  • Restrictions has been moved to supervised sections according to required changes

User Enrollment

At the Apple Worldwide Developer Conference this year, Apple announced a new mode of device enrollment, entitled User Enrollment. This is a notably different mode of enrollment than the previously available Device Enrollment, Enrollment via Device Enrollment Program, or Supervised modes of enrollment. While these modes still exist, User Enrollment aims to address Bring Your Own Device (BYOD) deployment scenarios specifically.

Create Managed Apple ID
  • Login to your Apple Business Manager
  • Navigate to Accounts
  • Click Add New Account
  • Enter a Name
  • Enter a Last Name
  • Enter a Managed Apple ID Username
  • Under Roles Select Staff
  • Select your Location
  • As Email Address use e.g. the corporate email address of the user or any other personal email address where the temporary Managed Apple ID password should be send to
  • Click Save
  • Click Create Sign-In
  • Select Send as an email 
  • Click Continue
  • Click Done
Configure Self Service Portal (optional)

During Enrollment via Self Service Portal Silverback will automatically pre fill the Managed Apple ID field with the given preset

  • Click Save
Create Enrollment
  • Open Self Service Portal
  • Login with your user credentials
  • Enter a phone number (optional)
  • Change the Ownership to User Enrollment for iOS
  • Enter your created Managed Apple ID or use the prefilled
  • Click Start
Enroll your device
  • Open Camera on the iOS device
  • Scan the QR-Code
  • Open the enrollment page
  • Download the configuration Profile with pressing Allow
  • Click Close
  • Open iOS Settings
  • Tab Enrol in Silverback
  • Press Enrol my iPhone
  • Enter the passcode of the device, if needed
  • Enter the temporary Managed Apple ID password, which has been send to the user 
  • Tab Sign-In
  • Choose a verification method, either Text Message or Phone Call
  • Press Send
  • Either you need to enter the verification code given by the phone call or the code will be automatically detected
  • Now enter your temporary Managed Apple ID password
  • Enter a new password
  • Tab Change
  • Enrollment process will be finished and the device will be managed
Changes in Management

Due to the fact that User Enrollment is a modified version of the MDM protocol with a much greater focus on user privacy, which is implemented with a level of security that enterprises and end users should be comfortable with,  a limit subset of Management capabilities are given to personal owned devices with the User Enrollment. This includes the following changes:

Changes in Device Actions
  • Clear Passcode is not supported
Changes in Device Overview
  • Serial Number isn't exchanged
  • IMEI isn't exchanged
  • MAC Addresses aren't exchanged
  • Network Information aren't exchanged
  • Available OS Updates aren't transmitted to the backend
  • Personal installed apps aren't listed
Changes in Applications
  • Take management if the app is already is not unsupported
Changes in Restrictions

Only a couple of restrictions are sufficient with the User Enrollment. These includes:

  •     Notification view on Lock screen not allowed
  •     Opening documents from unmanaged to managed apps not allowed
  •     Siri not allowed
  •     Safari fraud warning enforced
  •     Siri while locked not allowed
  •     Opening documents from managed to unmanaged apps not allowed
  •     Today view on Lock Screen not allowed
  •     Screen Capture not allowed
Unsupported Methods
  • Certificate Based Authentication for Exchange

New Restrictions

iOS13 and iPadOS13 brings a couple of new restrictions, which requires a supervised device. So therefor they are not available for iOS User Enrollment.

  iPhone iPad iOS User Enrollment
Allow Hotspot Modification supervised, iOS13 supervised, iPadOS13 not supported
Allow Find My Device supervised, iOS13 supervised, iPadOS13 not supported
Allow Find My Friends supervised, iOS13 supervised, iPadOS13 not supported
Allow QuickPath Keyboard supervised, iOS13 supervised, iPadOS13 not supported
Force Wi-Fi Power On supervised, iOS13 supervised, iPadOS13 not supported
Allow Files Network Drive Access  supervised, iOS13 supervised, iPadOS13 not supported
Allow Files USB Drive Access  supervised, iOS13 supervised, iPadOS13 not supported

After updating to this Silverback Release, Force Wi-Fi Power On will be enabled by default.

iPadOS General Support

iPadOS is an operating system from Apple for iPads. It was unveiled at the Worldwide Developers Conference on June 3, 2019. With the introduction of iPadOS, iPads and iPhones no longer share iOS to provide iPads with more features. From a device management perspective iPadOS is more similar to macOS instead of iOS. Due to our iPadOS support, the enrollment into Silverback will be covered by a macOS near mdm agent. This will lead to the fact that all new iPadOS enrollments need as minimum required Silverback version this release. With older Silverback version you will receive an error with "Invalid Payload". 

19.0.2_19.png

As major benefit of the new iPadOS offers for example, new views for apps to work with multiple applications in parallel. For the first time, external hard disks and USB sticks can be connected and managed. The integrated Safari web browser offers new features familiar from the Mac version, such as a download folder. There are also optimized functions for selecting and managing text. In combination with macOS Catalina, the iPad can be used as a second screen with iPadOS and "Sidecar" in newer models. For the first time, the iPad and the iPhone gets support for the mouse as an input device.

Please note that a device, which has never been enrolled to Silverback, needs a deactivated Request Desktop Website option in Safari Settings (Settings > Safari > Settings for Websites) to enroll properly into the Management System

App Store Search by Country

In the latest major version of Silverback 19.0 we added an updated App Store API for adding applications, which made it easier to find and add applications into the Management System. With this release we extended the functionality with an application search by country. It could be that applications aren't available in one country, but in another and you may wonder, why this application will not be installed on all devices. In this case you can easily use the app store search by country to find out, if the needed application is available in a particular country. Please note that until this release United States was the predefined country and it is not necessary (and not possible) to add an application in multiple countries. If you add the application e.g with country Germany, the application will be installed on any other location, where the application itself is available. 

19.0.2_09.png

Remember my choice for store search

As mentioned in App Store Search by Country, United States is and was the default country location. If you intend switch to another default country you can enable the Remember my choice checkbox which will set the default country for all upcoming searches. 

19.0.2_08.png

Custom Passwords for Email

Depending on when you started with Silverback as your Mobile Device Management or Enterprise Mobility Management Solution you may remember that we brought the Group Mailbox Feature for Exchange Active Profiles in Version 18.0. We always appreciate the feedback that you provide us in our Ideal Portal. Custom Passwords for Email was one of the idea where we decided to bring it into this release. So from now on you will be able to use the Group Mailbox Feature not only for Exchange Active Profiles but also in Email Profiles for IMAP/POP3 mailboxes. 

19.0.2_06.png 19.0.2_07.png
   

Android & SamsungSafe

Please find all new Android Features in Silverback 19.0 Update 2 below.

Managed Application Actions for Android Enterprise

We are happy to bring a useful feature for all Administrators to Silverback 19.0 Update 2. With this release Administrators have now the ability to remotely install and uninstall applications for Android Enterprise. This feature is supported on both variants, Device Owner and Work Profile and supports Managed Play applications and Enterprise applications. Open from Device Overview Actions and select Management Applications. In the following screen  you will see all available applications for a remote installation based on assigned Tag(s).

The window will refresh itself automatically in a period of 5-10 seconds. 

19.0.2_28.png

New Restrictions

With Silverback 19.0 Update 2 the following new restrictions are available. 

  Device Owner Work Profile Legacy Management
Allow Factory Wipe Available Not supported Not supported
Allow Airplane Mode Available for Android 9 and higher Available for Android 9 and higher Not supported
Allow Ambient Display Available for Android 9 and higher Not supported Not supported
Allow Configuration of Brightness Available for Android 9 and higher Not supported Not supported
Allow Configuration of Date, Time and Timezone Available for Android 9 and higher Not supported Not supported
Allow Configuration of Location Available for Android 9 and higher Available for Android 9 and higher Not supported
Allow Configuration of Screen Off Timeout Available for Android 9 and higher Not supported Not supported
Allow Printing Available for Android 9 and higher Available for Android 9 and higher Not supported
Allow Volume Control Available for Android 9 and higher Available for Android 9 and higher Not supported
Allow USB Host Storage Available Available Not supported
Allow Android Beam Available Available Not supported
Permission Policy
  • Prompt (Default)
  • Auto Grant
  • Auto Deny
  • Prompt (Default)
  • Auto Grant
  • Auto Deny
Not supported

Unlimited Past Days of Mail to Sync for Gmail

With this release we extended the Past Days of Mail to Sync option with the value Unlimited, so basically all emails will the sync with Gmail with no specific period.

19.0.2_20.png

Windows 10

Please find all new Windows 10 Features in Silverback 19.0 Update 2 below.

Custom Profiles

Windows 10 Modern Management is getting more and more important for us and for the market that we are addressing. Upfront we would like to inform you that we will increasingly integrate Windows 10 settings into the product in the coming releases. As a good starting point in this Release we bring a new capability into our product to create a custom profile. This is very helpful if you are dependent to a new feature that Microsoft will release between any of our Silverback releases. Custom Profiles will ensure that you as an Administrator will be able to address any missing feature by generating a profile by yourself. We will release soon a corresponding Knowledge Base article which will describe a going forward process of how to create them in detail. Please stay tuned for any upcoming related articles in our Knowledge Base

19.0.2_16.png 19.0.2_17.png 19.0.2_18.png
     

Rename Device

For any Windows 10 device you will find a new Item called Rename under Actions. By using the Rename functionality you will be able to remotely rename the current device. After a restart the Device will change the Computer Name to the one you defined here. 

19.0.2_10.png

macOS

Please find all new macOS Features in Silverback 19.0 Update 2 below.

General Support for macOS Catalina

macOS Catalina as version 10.15 is the sixteenth major release of macOS, the desktop operating system for Macintosh computers. It is the successor to macOS Mojave and was announced at WWDC 2019 on June 3. Catalina is the first version of macOS to exclusively support 64-bit applications. It will be released as a free update in October 2019. This time the system is named after Santa Catalina Island, which is located off the coast of southern California. You can find the list of new features available with macOS Catalina here: macOS Catalina - Features - Apple.  

19.0.2_32.png

Simple Enrollment

Within this release we added the ability to use Simple Enrollment for macOS and iPadOS. With activated Simple Enrollment the end user doesn't need to enter the One Time Password, when the enrollment will be done through the Self Service Portal on the device itself. When your user will open either enrollment link in the provided SMS or opens directly the enrollment link in the browser, the device will be directly enrolled without the need of entering the One Time Password. 

With activated QR-Code enrollment, Simple Enrollment will be activated by default for each platform. 

19.0.2_21.png

Volume Purchase Program (Preview)

In order to bring the same experience for iOS, iPadOS and macOS we started to bring the Volume Purchase Program for macOS into Silverback. With this release you will be able to synchronize purchased macOS applications via the Volume Purchase Program with the App Portal. This feature acts as a preview because the application installations is currently not supported. On your macOS devices you will receive a notification from the App Store that the application is not found, so the application will not be installed. We are currently in progress together with Apple to make the Volume Purchase Program completely available. So please stay tuned for upcoming announcements. 

19.0.2_22.png

tvOS

Please find all new tvOS Features in Silverback 19.0 Update 2 below.

tvOS13 General Support

tvOS 13, the newest version of tvOS, introduces some notable changes that make the TV watching experience better than ever. From the Mobile Device Management part, tvOS13 brings a couple of new capabilities along. So, in preparation for tvOS13 we added the following capabilities:

  • New Restriction has been implemented
  • DEP Skip Setup Items has been extended
    • Tap To Set Up Option
    • Aerial Screensavers 
    • TV Home Sync Screen
    • TV Provider Sign In Screen
    • TV Room

New Restrictions

For tvOS in Silverback 19.0 Update 2 we added the following new restrictions.

Settings Configuration Minimum Version Description
Maximum Level of App Content allowed on the device
  • All
  • 17+
  • 12+
  • 9+
  • 4+
  • None
11.3 This value defines the maximum level of app content that is allowed on the device
Maximum Level of Movie Content allowed on the device
  • All
  • NC-17
  • R
  • PG-13
  • PG
  • G
  • None
11.3 This value defines the maximum level of movie content that is allowed on the device
Maximum Level of TV Content allowed on the device
  • All
  • TV-MA
  • TV-14
  • TV-PG
  • TV-G
  • TV-Y7
  • TV-Y
  • None
11.3 This value defines the maximum level of TV content that is allowed on the device
Allow Incoming AirPlay Requests Enabled or Disabled 10.2 If set to false, the Apple TV cannot be paired for use with the Remote app or Control Center widget.
Allow Device Sleeping Enabled or Disabled 13.0 If set to false, the Apple TV will not go to sleep.
Prevent Listed Bundle IDs from being shown or launchable e.g. com.netflix.Netflix 11.0 Defines a blacklist of applications which will not be shown or launchable on the device
Allow Only Listed Bundle IDs from being shown or launchable e.g. com.amazon.aiv.AIVApp 11.0 Defines a whitelist of applications which will be shown or launchable on the device

New Profiles

In addition to new Restrictions for tvOS Silverback 19.0 Update 2 includes the following new configurable profiles, which will give Administrator a more secure way to tvOS Management at all. 

AirPlay Security

The AirPlay Security payload locks the Apple TV to a particular style of AirPlay Security and is located under Profile > AirPlay Security. 

Setting tvOS Description
AirPlay Security Enabled or Disabled Enables or disables the profile
Profile Name e.g. AirPlay Defines the profile name
Access Type
  • Any
  • WiFi only

Any allows connections from both Ethernet/WiFi and AWDL.

WiFi only allows connections only from devices on the same Ethernet/WiFi network as the Apple TV.

Security Type
  • Passcode once
  • Passcode always
  • Password

Passcode once will require an on-screen passcode to be entered on the first connection from a device. Subsequent connections from the same device will not be prompted.

Passcode always will require an on-screen passcode to be entered upon every AirPlay connection.

Password will require a passphrase to be entered as specified in the Password key.

TV Remote

This profile allows restricting the connections from the Apple TV Remote app to an Apple TV and restricting the available Apple TV devices in the Apple TV Remote app. This configuration is supported only on supervised devices. The process is pretty straight forward. Navigate to the TV Remote Profile, click enabled and give a name. Press on the + icon to add the MAC - address of the allowed remote device. Click OK and Press Save. 

19.0.2_24.png

ChromeOS

Chrome OS is a Linux kernel-based operating system designed by Google. It is derived from the free software Chromium OS and uses the Google Chrome web browser as its principal user interface. Chrome OS primarily supports web applications. Chrome OS has an integrated media player and file manager which supports Chrome Apps, which resemble native applications, as well as remote access to the desktop. Android applications started to become available for the operating system in 2014. In 2016, access to Android apps in the entire Google Play Store was introduced on supported Chrome OS devices. Due to the fact that more and more Chrome OS machines have entered the market, we decided to bring ChromeOS Management to Silverback. 

General Support

ChromeOS Management differs from the management of other platforms like iOS, Android, macOS or Windows 10. In general device configurations will be done in G-Suite Administrator Console, so talking about ChromeOS Management is more in a way of an integration instead of a true management at all. With this release we have added the possibility to bring your ChromeOS devices into Silverback for an holistic Device Management approach. Managed ChromeOS Devices from G-Suite will be included and displayed in Silverback.

Please check our ChromeOS Integration Guide for further information.

19.0.2_30.png

Device Information

After opening Device Information you will have the possibility to Refresh device Information and also get information about Hardware and OS information like Serial Number, Mac-Addresses, Chrome version and more. 

19.0.2_29.png

Device Actions

Supported Device Actions are:

  • Refresh: Force a device check in to retrieve device information
  • Block Device: Device will be moved to Blocked in Device Overview
  • Delete Business Data: Device will be moved to Checked Out in Device Overview. You will need to provide a reason for the check out action.
    • Upgrading or replacing with a newer model
    • Reselling, donating, or permanently removing
    • Replace with the same model from a repair vendor
  • Unblock Device: Device will be move from Blocked to Managed  in Device Overview

Mobile Applications

Companion (Android) 

Release Version: 19.0.2.12

  • Android Q Support
  • Added 7-Day Logging
  • Added option to display certificates in Management Console
  • New restriction support for Android Enterprise
  • Fixes and improvements for background activitites
  • Fixes and improvements for user certificates
  • Fixes and improvements for certificate trusts
  • Fixes and improvements for Exchange Active Sync profiles
  • Fix for Allow App Store restriction on Samsung 
  • Was this article helpful?