Essentials MDM 5.34.0: - MySQL 8 requirement Essentials MDM 5.35 (next version) will require MYSQL greater than 8.0.26. Please review the migration guide: https://support.famoc.com/en/support/solutions/articles/23000025415 - Support for Firebase Cloud Messaging API Legacy Android Firebase Cloud Messaging (FCM) APIs will be discontinued starting June 20, 2024. With 5.34 version, Android Agents will use modern Firebase Cloud Messaging API authentication mechanism. System administrator will need to generate new auth tokens in Firebase project. Notification and instructions about it are displayed before 5.34 update starts. More details about the migration can be found here: https://support.famoc.com/en/support/solutions/articles/23000026161 - Generic Campaign changes: - Possibility to set campaign duration (start / end date and time window) - Start / End Date fields are required, and default end date is set to + 1 week - Start / End Date and time window fields can be changed when campaign status is "pending" - End date can be changed also when campaign status is "in progress" - For campaign with status "finished" we can create another campaign for operations that failed - Name and description of the campaign can be changed anytime (not depending on campaign status) - Campaign summary view - Restart device - new action on Campaigns tab It is now possible to schedule restart device action using campaigns. Administrator can create new campaign type: Restart devices. This campaign type can be set in different schedule modes: - Execute once - operation will be executed once during scheduled campaign - Execute to success in time window - operation will be executed once in time window set in campaign - Recurring operation - administrator can execute the action e.g. every day at 4pm or on Fridays at 5pm (during the campaign schedule) Detailed description of the Campaigns can be found on documentation page: https://support.famoc.com/en/support/solutions/articles/23000025970-campaigns - New iOS agent 5.0.0: - Remote screen feature On iOS devices just screen sharing is possible. When remote access is disabled in policy, initiating a session from the application is not possible. The Apple policy on iOS always requires user consent and conscious confirmation of the session, hence initiating a session is only possible through user interaction, and any settings in the policy have no impact. When an administrator initiates a session, the user receives an alert triggered by a loud push, dependent on the app state: - app in foreground: user is informed with an alert (Accept/Deny) - app terminated / in background: The system displays a delivered notification; clicking it triggers the same alert as described above. Upon accepting the session, the transmission window should open automatically. On denial, the app notifies the server that the user rejected the session. States of the Remote Access button: - Remote Access: indicates that the session is not connected - Please Wait: signifies that an action was triggered, and certain state require a few seconds for processing before displaying the appropriate state - Initializing: involves collecting all necessary data for the connection - Connecting: indicates successful initialization, with the device connecting to the room prepared by the server. When the "Connecting" state changes to successful, the application trigger the screen broadcast uploader view. On this view, only Essentials MDM application should be available for the selection, with a "Start Broadcast" button. After clicking it, the state changes to "Please Wait", and when the broadcast starts, it transitions to "Stop Session" - Stop Session: signifies that the session is in progress, and the stream started successfully - Improvements in location handling when the interval is not set - New macOS agent 4.2.0: - Drag & Drop support (left mouse button) during remote session - Support for the missing keypresses during remote session: - quotes - lefthand backward slash/pipe - the arrow keys - the numpad section including arrows, numbers - option (ALT) modifier long press - command button (winkey) - Support for the missing mouse events during remote session: - double-clicks - mouse dragging - Restart / shutdown action support When a shutdown input is initiated for the application, it will assess whether any ongoing operations are in progress. If there are no active operations, the app will display a straightforward alert, providing the user with the option to either shut down the app or move it to the dock. - Improved clicking on external display during remote session - Improved cursor behaviour while hovering over the search input field - Refresh button support There is a new button that invokes connection to the MDM server and checks pending operations. It is located at the top of the content side in the agent. NOTE. The button can be clicked only once within a 10-second period. - Reduced font size of sidebar's texts for wide screens - Long messages handling The message popup now contains a shortened message if the message exceeds ~2000 chars. Full message content is now available in the Message tab - Essentials MDM RTC service changes: - Improved essentials-mdm-rtcd process handling - Narrowed down scope of essentials-mdm service UID Essentials MDM RTC is now used in macOS and iOS Remote Access functionality. More details on Essentials MDM RTC integration can be found on support page: https://support.famoc.com/en/support/solutions/articles/23000026210-essentials-mdm-remote-access-system-guide - New permissions while setting the Device Owner application permissions exceptions - Location permissions: "Access location in the background" and "Access any geographic locations persisted in the user's shared collection" - Phone permission: Continue a call which was started in another app - Option to manage rotation on Android dedicated device If the 'Lock rotation' toggle is turned on, it is not possible to rotate the screen of the Launcher or apps. If the 'Lock rotation' toggle is turned off, it is possible to rotate the screen of the Launcher and apps ((depends on apps support for rotation). NOTE. Launcher view cannot be locked in horizontal position. - iOS, iPadOS, tvOS 17.3, 17.4 platforms support - macOS 14.3, 14.4 platforms support - Upgrade of the Apple VPP API to the new App and Book Management APIv2 - [UI]Reporting the OS security sub-versions of Apple devices Rapid security version and the supplemental OS build version is now added to device details tab and device list. - [UI] "Select all" feature improvements on all lists in Management UI Improved UX to make it clear, how many items are currently selected especially in combination with applied filter / searches. - There are now options: - Select all (when no items are selected) - Add to selection all matching the filters (when some items are already selected) - Deselect all - "Select all on this page" option is now removed - There is additional indicator that shows how many items are currently selected (with all items count) - When the user has any items selected and then uses some kind of filter (tag/search/saved search) confirmation dialog will be shown asking if user wants to remember the items previously selected or removed them from the selection. The answer to the confirmation dialog will be remembered until the browser page is reloaded (or the user leaves the list and then visits it again) The same rules apply to export option. - [UI] Send message / Send predefined message with full screen message option It is now possible to send messages to the Android devices as a full screen message. Option is available on Android fully managed and dedicated devices. The user is not able leave the message view without confirmation. - [UI] Improvements in Azure AD integration - Possibility to renew Azure API keys - Information about the API keys that will expire soon (in 1 month) - [UI] Possibility to filter locations by date while exporting the data - [UI] Unification of the fields view with autocomplete list - When the user can select any items from the list or add new ones (like package name lists) the selection list will display "Select or create a new element" placeholder - When the user is supposed to select the items from the list but is not allowed to add new ones (like device models) the selection list will display "Select" placeholder - When there are no predefined values on the list, but the user is allowed to add new ones (filter values), selection list will display "Add a new element" placeholder - [UI] Identifier of the device (IMEI, Device UID, Serial number) is now displayed under the device icon on device details tab - [UI] Possibility to copy fields values from the list (e.g. IMEI on device list) - [UI] Improvements on Settings > Groups tab Larger window is now displayed when opening preview, edit, assign policies views. The change applies to user groups, device groups, application groups, smart groups. - [UI] Samsung KME device counter includes now devices added without csv file (e.g. when "User credentials" auth method was used) - [UI] Apple DEP setup enhancements: - Added new initial screens that can be skipped: - Welcome screen - Accessibility - Device to device migration - Enable lockdown mode - Messaging activation using phone number - Restore completed - Terms of address - Safety - Software update completed - [UI] When device limit is reached in Management UI, button to add devices is now visible with proper message - [advUI] Changed message when device limit is reached in organization New message: "You cannot add more devices. Limit has been reached. Please contact your service provider." - Alert during user login problems Now, when user has a problem with login proper alert and error message in server logs are generated. Supported cases: - Wrong password - Wrong username - Disabled account - Locked account Supported login pages: - Samsung KME web view - Apple DEP web view - Android zero-touch web view - QR enrollment web view - Admin console login page - Recovery mode - Android Base Agent enrollment from Google Play Server logs topics: - AUTH_LOCKED - AUTH_DISABLED - AUTH_WRONG_PASSWORD - AUTH_WRONG_LOGIN - Possibility to choose format (csv, zip) of scheduled reports attachments New variables that can be specified in config.php: - $cons_report_attachment_max_csv_size_in_kb = xxx; // (default value = 1024 - 1MB) - $cons_report_attachment_max_zip_size_in_kb = xxx; // (default value = 20*1024 - 20MB) If plain csv report is greater than the first variable, it will be attached as a zip file to forwarded email. If zipped report is greater than the second variable, zipper report will not be attached to the email - getUserDetails web service with support for dictionary type custom fields - New reports: - Apple devices count by OS version with rapid security info - Send message operations - Upgrade of the libraries: - Nodejs to 16.20.2 version - Lodash to 4.17.21 - Leaflet v1.9.4 - Configuration utility on proxy server, famoc-config -> System configuration -> Proxy base settings will accept non-ip internal qualified hostnames in "Application backend address" field - Plug&Play application (1.14.15): - Support for the dark mode Layout of the Plug&Play application can be now changed to the dark mode. Toggle is available at the bottom right of the app screen. - FileViewer application (1.7.2): - Showing badge on icon when the file is new, updated or folder contains any change from the time it was opened